dffffd.exe

General

Target dffffd.exe
Size 661KB
Sample 210922-vm9acsdcc9
Score 10/10
MD5 75877c7f6a8b5a2642c5b3c389444394
SHA1 9168024a9c3a28d5be15953eccaeb5bff68b9601
SHA256 ef8c7077685d93118f27d7c334f60a440b31e127989748078057c5855c35aba9
SHA512 e2cb7c74989493526c67cc569e9503be079693d8d65874f283889768db07160fe2bda293f9d045c87261948ddedb291c06ca9dcdae8c4cd81c0a51eb5748742e

Malware Config

Extracted

Family njrat
Version v4.0
Botnet Wed_22_GreenLife
C2 37.120.141.158:18892
Attributes
reg_key Windows
splitter |-F-|

Targets
Target dffffd.exe

Signatures

  • njRAT/Bladabindi: Widely used RAT written in .NET.

  • Drops startup file

  • Suspicious use of SetThreadContext

Tasks

static1
behavioral1 10/10
behavioral2 1/10