Payload.bin

General
Target

Payload.bin

Size

27KB

Sample

210919-2fqyrsfbgj

Score
10 /10
MD5

c33318247f0f443ed1a25af2f9b76cf0

SHA1

30388f9d86200fec836bd2995f87a66c06cf3d9e

SHA256

c20aa2c35db0a9c2f811241e8ed3e959c5f297c41f11f9ea4d59def9c3219a81

SHA512

6e5562964b36083bf5f5496262fb39b16a78c903e2729f2c982d5906482c33cc5725d14e00998de489f66b69e73c21af15fbc125297ca37cead472e8138b4557

Malware Config

Extracted

Family njrat
Version v2.0
Botnet HacKed
C2

efficient-oil.auto.playit.gg:55457

Attributes
reg_key
Windows
splitter
|-F-|
Targets
Target

Payload.bin

MD5

c33318247f0f443ed1a25af2f9b76cf0

Filesize

27KB

Score
10 /10
SHA1

30388f9d86200fec836bd2995f87a66c06cf3d9e

SHA256

c20aa2c35db0a9c2f811241e8ed3e959c5f297c41f11f9ea4d59def9c3219a81

SHA512

6e5562964b36083bf5f5496262fb39b16a78c903e2729f2c982d5906482c33cc5725d14e00998de489f66b69e73c21af15fbc125297ca37cead472e8138b4557

Tags

Signatures

  • njRAT/Bladabindi

    Description

    Widely used RAT written in .NET.

    Tags

  • suricata: ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)

    Description

    suricata: ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)

    Tags

  • Executes dropped EXE

  • Drops startup file

  • Loads dropped DLL

  • Adds Run key to start application

    Tags

    TTPs

    Registry Run Keys / Startup Folder Modify Registry

Related Tasks

MITRE ATT&CK Matrix
Collection
    Command and Control
      Credential Access
        Execution
          Exfiltration
            Impact
              Initial Access
                Lateral Movement
                  Privilege Escalation
                    Tasks