General

  • Target

    a3d76879d36c9e33eff1bc48b4154b3ef1e4f6a1c32cc584086629bef2673a0b

  • Size

    69KB

  • Sample

    210929-j3ak7aedcl

  • MD5

    dd9fa20e95d785d15ea9f9ab178876d5

  • SHA1

    4a926671cf12f506676d6cb13817e9a3fe2759f2

  • SHA256

    a3d76879d36c9e33eff1bc48b4154b3ef1e4f6a1c32cc584086629bef2673a0b

  • SHA512

    ec4734e0bc8a98701ce7f47999865d2acb2871f7df0d083c51c451b4c952b5b63e0da494df73656a5e549e973bd500a22c5d225bd8d9a1f6f6295702d1a52770

Malware Config

Extracted

Family

njrat

Version

0.7d

Botnet

@ HaCkInG By Dr WeSt @

C2

w187.ddns.net:2020

Mutex

4ef9538b5a577a1bd3c1a578ea50c133

Attributes
  • reg_key

    4ef9538b5a577a1bd3c1a578ea50c133

  • splitter

    |'|'|

Targets

    • njRAT/Bladabindi

      Widely used RAT written in .NET.

    • Executes dropped EXE

    • Modifies Windows Firewall

    • Drops startup file

    • Loads dropped DLL

MITRE ATT&CK Matrix ATT&CK v6

Persistence

Modify Existing Service

1
T1031

Discovery

System Information Discovery

1
T1082

Tasks