c1865a6ccc50d10ec91518c9861ed005.exe

General
Target

c1865a6ccc50d10ec91518c9861ed005.exe

Size

31KB

Sample

210923-zv7tqafcf6

Score
10 /10
MD5

c1865a6ccc50d10ec91518c9861ed005

SHA1

493bf878ddc94d4a49c5d76243b083cb3d4c6a89

SHA256

5d4fc7275426bb63b90c5d97654e11011a513ebc66ee3af603d383e5175af38c

SHA512

d76af3962d5c9449e17d4663d285929afb4d9ca2da76684959d68802d53b27401992f9a26e849faa1300062d7950129608d95824d2441dc79de872399a2e137a

Malware Config

Extracted

Family: njrat
Version: 0.7d
Botnet: MyBot
C2: 178.20.44.131:6522

Attributes
reg_key: 949d1d181b4442e0ea82dab5035cb1d3
splitter: Y262SUCZ4UJJ
Targets
Signatures

  • njRAT/Bladabindi

    Description

    Widely used RAT written in .NET.

  • Executes dropped EXE

  • Modifies Windows Firewall

    TTPs: Modify Existing Service

  • Drops startup file

  • Loads dropped DLL

  • Adds Run key to start application

    TTPs: Registry Run Keys / Startup Folder; Modify Registry

MITRE ATT&CK Matrix
Collection, Command and Control, Credential Access, Defense Evasion, Execution, Exfiltration, Impact, Initial Access, Lateral Movement, Privilege Escalation

Tasks

static1

10/10