1ca2fa1eacf168c97e2663f7bbbe64afe6569ade725ed84f4ee1fe91aa27e83f

General
Target

1ca2fa1eacf168c97e2663f7bbbe64afe6569ade725ed84f4ee1fe91aa27e83f

Size

152KB

Sample

210924-gx7mmagaej

Score
10 /10
MD5

c2b9c99086b64ed5ef6ae1bd34288013

SHA1

43a4fdff438bb03812aaf9cf273c5021a21623f8

SHA256

1ca2fa1eacf168c97e2663f7bbbe64afe6569ade725ed84f4ee1fe91aa27e83f

SHA512

7e2595d992653ba5b332514379ab2ea8aca86eefbe6c89f3970a3ea5c36f1922d88dda3341f269a5754fd4b87e0a3ed9eca1a79b6ee16c8482741401d0087391

Malware Config

Extracted

Family njrat
Version v2.0
Botnet HacKed
C2

daddygvgv.ddns.net:1177

Attributes
reg_key
Windows
splitter
|-F-|
Targets
Target

1ca2fa1eacf168c97e2663f7bbbe64afe6569ade725ed84f4ee1fe91aa27e83f

MD5

c2b9c99086b64ed5ef6ae1bd34288013

Filesize

152KB

Score
10 /10
SHA1

43a4fdff438bb03812aaf9cf273c5021a21623f8

SHA256

1ca2fa1eacf168c97e2663f7bbbe64afe6569ade725ed84f4ee1fe91aa27e83f

SHA512

7e2595d992653ba5b332514379ab2ea8aca86eefbe6c89f3970a3ea5c36f1922d88dda3341f269a5754fd4b87e0a3ed9eca1a79b6ee16c8482741401d0087391

Tags

Signatures

  • njRAT/Bladabindi

    Description

    Widely used RAT written in .NET.

    Tags

  • Executes dropped EXE

  • Drops startup file

  • Loads dropped DLL

  • Adds Run key to start application

    Tags

    TTPs

    Registry Run Keys / Startup Folder Modify Registry

Related Tasks

MITRE ATT&CK Matrix
Collection
    Command and Control
      Credential Access
        Execution
          Exfiltration
            Impact
              Initial Access
                Lateral Movement
                  Privilege Escalation
                    Tasks

                    static1

                    behavioral1

                    10/10

                    behavioral2

                    10/10