e921d5f11cbdb49edbc84df43345e162f6c949e717afee3404ca5605c550c69d

General

Target: e921d5f11cbdb49edbc84df43345e162f6c949e717afee3404ca5605c550c69d
Size: 863KB
Sample: 210921-kjqnqsbehk
Score: 10/10
MD5: 61cc86c500d27fb8ee7cdcbf3f51654e
SHA1: da823449b046aabc24d82519619235e4800dfd22
SHA256: e921d5f11cbdb49edbc84df43345e162f6c949e717afee3404ca5605c550c69d
SHA512: 2a5d6ea3516c248a4f87ceb877417320e0324f80c8177d944f64f999724d9a4af334b5bc581bf00e4f1b49d30dab4f8bb516514eb4be6d673b5c30e35e4e5384

Malware Config

Extracted

Family: njrat
Version: 0.7d
Botnet: HacKed
C2: 10.10.10.10:4444

Attributes
reg_key: 68746e5f270d3b8fbd6f47be0fcb6282
splitter: |'|'|
Signatures

  • UAC bypass

    TTPs: Bypass User Account Control, Disabling Security Tools, Modify Registry
  • njRAT/Bladabindi

    Description: Widely used RAT written in .NET.
  • Executes dropped EXE

  • Modifies Windows Firewall

    TTPs: Modify Existing Service
  • Loads dropped DLL

  • Adds Run key to start application

    TTPs: Registry Run Keys / Startup Folder, Modify Registry
  • Checks whether UAC is enabled

    TTPs: System Information Discovery

MITRE ATT&CK Matrix
Collection, Command and Control, Credential Access, Execution, Exfiltration, Impact, Initial Access, Lateral Movement, Privilege Escalation

Tasks

static1: 5/10