303424A6536EEDB027734B0557A32A064CEB0ED35F225.exe

General
Target

303424A6536EEDB027734B0557A32A064CEB0ED35F225.exe

Size

342KB

Sample

210926-pp3byaehb6

Score

10/10

MD5

ab09790ec8dbb4c257d8a7c0f3a49943

SHA1

1b45a0349f77c7e07b725d32a5a32e80c00eef24

SHA256

303424a6536eedb027734b0557a32a064ceb0ed35f225d3f434a010fa13fe106

SHA512

b420c0e0064de4038ad332316168e59ab88a6ffd63c5ccc1eb36c7b29a2b449591fc0af0557399e9677d8a503302c9e50ccf060f56e7c971cfe0d6ebeb814db3

Malware Config

Extracted

Family: njrat
Version: 0.7d
Botnet: BAYRAMM
C2: cihan05.duckdns.org:1981

Attributes
reg_key: 47da9b71ec9839dd4ca48977f70dcfda
splitter: |'|'|

Targets
Target

303424A6536EEDB027734B0557A32A064CEB0ED35F225.exe

Signatures

  • njRAT/Bladabindi

    Description

    Widely used RAT written in .NET.

  • Executes dropped EXE

  • Modifies Windows Firewall

    TTPs

    Modify Existing Service
  • Drops startup file

  • Loads dropped DLL

  • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Collection, Command and Control, Credential Access, Defense Evasion, Execution, Exfiltration, Impact, Initial Access, Lateral Movement, Privilege Escalation

Tasks

static1

behavioral1: 10/10

behavioral2: 10/10