62cc0a6c49abdef2906b8d9ebb2f60605ca5755d04d187e0b41682de13767e59

General
Target

62cc0a6c49abdef2906b8d9ebb2f60605ca5755d04d187e0b41682de13767e59

Size

55KB

Sample

210924-gzcv2agbb5

Score
10/10
MD5

c88342b7f4b583c47b42dc05640b4056

SHA1

7be1282dcf2ef52f83532eb25217c66ed7084aa5

SHA256

62cc0a6c49abdef2906b8d9ebb2f60605ca5755d04d187e0b41682de13767e59

SHA512

495084793684e208097aa1029b0875f83f57b0187b9bdd11acc99a5028d143c36314ff95796195b453b7558bd58ef99541c516fba61981b08afa739c033fb08c

Malware Config

Extracted

Family njrat
Version 0.7d
Botnet @ HaCkInG By Dr WeSt @
C2 w187.ddns.net:2020

Attributes
reg_key 4ef9538b5a577a1bd3c1a578ea50c133
splitter |'|'|

Targets
Signatures

  • njRAT/Bladabindi

    Description

    Widely used RAT written in .NET.

  • Executes dropped EXE

  • Modifies Windows Firewall

    TTPs

    Modify Existing Service
  • Drops startup file

  • Loads dropped DLL
