05df8d39bcf7d65dbedad8a9c01f2b225058a3933373cfee185831791f21de9a

General
Target

05df8d39bcf7d65dbedad8a9c01f2b225058a3933373cfee185831791f21de9a

Size

863KB

Sample

210921-k3mfeshac2

Score
10/10
MD5

f5df22a0a21deb1bae571555826e9076

SHA1

f5621b1ee4d1466c06a2a137d46015107aa2855a

SHA256

05df8d39bcf7d65dbedad8a9c01f2b225058a3933373cfee185831791f21de9a

SHA512

800d0d564ed89944f6cee9c3bb3cbee991b12db644f55ed95afc42faa1f58dba208d66187392a50f53b6380ca6c2f1e1fa509d510caccecad842851b5779ef3e

Malware Config

Extracted

Family njrat
Version 0.7d
Botnet HacKed
C2

10.10.10.10:5552

Attributes
reg_key
0dc24807523d3cd24b54cd0996e4c49b
splitter
|'|'|
Targets
Target

05df8d39bcf7d65dbedad8a9c01f2b225058a3933373cfee185831791f21de9a

Signatures

  • UAC bypass

    TTPs: Bypass User Account Control; Disabling Security Tools; Modify Registry

  • njRAT/Bladabindi

    Description: Widely used RAT written in .NET.

  • Executes dropped EXE

  • Modifies Windows Firewall

    TTPs: Modify Existing Service

  • Loads dropped DLL

  • Adds Run key to start application

    TTPs: Registry Run Keys / Startup Folder; Modify Registry

  • Checks whether UAC is enabled

    TTPs: System Information Discovery

Related Tasks

MITRE ATT&CK Matrix
Collection, Command and Control, Credential Access, Execution, Exfiltration, Impact, Initial Access, Lateral Movement, Privilege Escalation

Tasks

static1

5/10