General

  • Target

    a4f78e77907d8ea06d93912ebc29d191629c47270d87882ed9e8948a3bbb77c2

  • Size

    61KB

  • Sample

    210929-k4sc3aecf2

  • MD5

    944c114e02b1d7fdc46e0b495cfc01c3

  • SHA1

    0b810447828a36ce22d905c0a5ca8ce6f38700ba

  • SHA256

    a4f78e77907d8ea06d93912ebc29d191629c47270d87882ed9e8948a3bbb77c2

  • SHA512

    c5c30fdd8d2dbda2cfa1a10d56d7a7485cd0d565e49542fa6f9dd9c05ce2606feaef4855656ceab4e8f3bb60dd13f4fc564e6566ec23dcec8d8aca8d6b2d071c

Malware Config

Extracted

Family

njrat

Version

0.7d

Botnet

@ HaCkInG By Dr WeSt @

C2

w187.ddns.net:2020

Mutex

4ef9538b5a577a1bd3c1a578ea50c133

Attributes
  • reg_key

    4ef9538b5a577a1bd3c1a578ea50c133

  • splitter

    |'|'|

Targets

    • Target

      a4f78e77907d8ea06d93912ebc29d191629c47270d87882ed9e8948a3bbb77c2

    • njRAT/Bladabindi

      Widely used RAT written in .NET.

    • Executes dropped EXE

    • Modifies Windows Firewall

    • Drops startup file

    • Loads dropped DLL

MITRE ATT&CK Matrix (ATT&CK v6)

  • Persistence

    Modify Existing Service (T1031): 1

  • Discovery

    System Information Discovery (T1082): 1

Tasks