General

  • Target

    495135344619bad53ac992d52fb75b420130b856b65ceabad2748a4236bbd322

  • Size

    348KB

  • Sample

    210930-pf2daahgdl

  • MD5

    88d0f51fc3b2ef2240e380af7049e4d8

  • SHA1

    e1c7afcd9d7f6a799bf31e0c18b3bdd8f606797b

  • SHA256

    495135344619bad53ac992d52fb75b420130b856b65ceabad2748a4236bbd322

  • SHA512

    bcaefb06880cc43c91146783a3a5a6bc131bfd8ee6f4025e83826cdd526b154795b54eb4ef5565b3232d1d8ed7738dc7d1f3daaca492497c48a72cc1e0b98bd5

Malware Config

Extracted

Family

njrat

Version

0.7d

Botnet

target

C2

YmFnZ2FyZDQ0Ny5kZG5zLm5ldAStrikStrik:MTQyNA==

Mutex

65ed37917c4238fcafbc7ab4f27cdda6

Attributes
  • reg_key

    65ed37917c4238fcafbc7ab4f27cdda6

  • splitter

    |'|'|
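The C2 value above is not the plain host:port but two base64 tokens separated by a colon, and the splitter is the delimiter njRAT places between fields in its C2 messages. The script below is an added example written for this page (it is not the sandbox's extractor nor njRAT's own code): it turns the extracted config into indicators a hunter can use. One assumption is made and marked in the code: the host token ends in `StrikStrik` exactly where standard base64 would carry `==` padding, so the decoder treats a trailing `Strik` as a substituted `=`; this is inferred from this one sample, not documented by the report. The `|'|'|`-delimited message passed to `split_fields` is constructed for illustration and is not a captured njRAT command.

```python
from __future__ import annotations

import base64
import re
from typing import Dict, List, Tuple

# Values copied verbatim from the extracted config in this report.
C2_FIELD = "YmFnZ2FyZDQ0Ny5kZG5zLm5ldAStrikStrik:MTQyNA=="
SPLITTER = "|'|'|"
MUTEX = "65ed37917c4238fcafbc7ab4f27cdda6"
REG_KEY = "65ed37917c4238fcafbc7ab4f27cdda6"

# Assumption (inferred from this sample only): the host token carries the
# string "Strik" in place of each '=' base64 padding character.
PAD_TOKEN = "Strik"

# RFC 1123 style hostname (also matches dotted IPv4); used as a sanity check
# so a mis-decoded token fails loudly instead of producing a bogus indicator.
HOSTNAME_RE = re.compile(
    r"^(?=.{1,253}$)[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?"
    r"(?:\.[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?)*$"
)


def _b64_decode_lenient(token: str) -> bytes:
    """Decode base64 whose padding may be missing or replaced by PAD_TOKEN.

    Only trailing PAD_TOKENs are stripped, so a legitimate "Strik" inside the
    payload cannot be mistaken for padding. Padding is then recomputed.
    """
    while token.endswith(PAD_TOKEN):
        token = token[: -len(PAD_TOKEN)]
    token = token.rstrip("=")
    token += "=" * (-len(token) % 4)
    return base64.b64decode(token, validate=True)  # raises on bad alphabet


def decode_c2(field: str) -> Tuple[str, int]:
    """Return (host, port) from an njRAT-style "<b64 host>:<b64 port>" field."""
    host_token, sep, port_token = field.rpartition(":")
    if not sep:
        raise ValueError("C2 field has no host:port separator")
    host = _b64_decode_lenient(host_token).decode("ascii")
    if not HOSTNAME_RE.match(host):
        raise ValueError(f"decoded host is not a valid hostname: {host!r}")
    port = int(_b64_decode_lenient(port_token).decode("ascii"))
    if not 0 < port < 65536:
        raise ValueError(f"decoded port out of range: {port}")
    return host, port


def is_decodable(field: str) -> bool:
    """True when the field decodes to a sane host:port, False otherwise."""
    try:
        decode_c2(field)
        return True
    except (ValueError, UnicodeDecodeError):
        return False


def split_fields(message: str) -> List[str]:
    """Split a C2 message on the configured splitter; njRAT frames fields
    with this literal string rather than with a length prefix per field."""
    return message.split(SPLITTER)


def indicators() -> Dict[str, object]:
    """Collapse the extracted config into hunt-ready indicators."""
    host, port = decode_c2(C2_FIELD)
    return {
        "c2_host": host,
        "c2_port": port,
        "mutex": MUTEX,
        # The report's reg_key attribute is the value name the sample adds
        # under a Run key (see "Adds Run key to start application" below).
        "run_key_value_name": REG_KEY,
        "message_splitter": SPLITTER,
    }


if __name__ == "__main__":
    for key, value in indicators().items():
        print(f"{key}: {value}")
    # Constructed message, not captured traffic: shows the splitter at work.
    print(split_fields("cmd" + SPLITTER + "arg1" + SPLITTER + "arg2"))
```

Running it yields the C2 host `baggard447.ddns.net` on port 1424 alongside the mutex and Run-key value name; the hostname check and the base64 alphabet validation are there so a different sample whose host token uses some other substitution is rejected rather than silently producing a wrong indicator.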

Targets

    • Target

      495135344619bad53ac992d52fb75b420130b856b65ceabad2748a4236bbd322

    • Size

      348KB

    • MD5

      88d0f51fc3b2ef2240e380af7049e4d8

    • SHA1

      e1c7afcd9d7f6a799bf31e0c18b3bdd8f606797b

    • SHA256

      495135344619bad53ac992d52fb75b420130b856b65ceabad2748a4236bbd322

    • SHA512

      bcaefb06880cc43c91146783a3a5a6bc131bfd8ee6f4025e83826cdd526b154795b54eb4ef5565b3232d1d8ed7738dc7d1f3daaca492497c48a72cc1e0b98bd5

    • njRAT/Bladabindi

      Widely used remote access trojan (RAT) written in .NET. The config block above (C2 host and port, mutex, Run-key value name and command splitter) is what the extractor recovered from this build.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Suspicious use of SetThreadContext (consistent with a loader writing a payload into a suspended process and redirecting its thread, as in RunPE-style process hollowing)

MITRE ATT&CK Matrix (ATT&CK v6)

Tactic: Persistence
  Technique: Registry Run Keys / Startup Folder (T1060), 1 matching signature

Tactic: Defense Evasion
  Technique: Modify Registry (T1112), 1 matching signature

Tactic: Discovery
  Technique: System Information Discovery (T1082), 1 matching signature

Tasks