General

  • Target

    af5498fc7e4948739f2320fdd8cc7dc5.exe

  • Size

    23KB

  • Sample

    211022-xdjpfschfr

  • MD5

    af5498fc7e4948739f2320fdd8cc7dc5

  • SHA1

    3aa3c8c4126f60c4d1c2234feb03c62aaa9611a9

  • SHA256

    1424f40ca88848f45446ad55cc6afe2f929339b7e239389818a1ce8bbaa1580d

  • SHA512

    d264932154bb2238bbf613fa6aca76b2bbf58de65b61aabfee3e9459b60922387fc610a7d16ec9f12b9012a2e60d3c34e7456746e921ff7395651305ca4142ae

Malware Config

Extracted

Family

njrat

Version

0.7d

Botnet

HacKed

C2

6.tcp.ngrok.io:15339

Mutex

b5dc483fecb7c6984a665f97dcaabbda

Attributes
  • reg_key

    b5dc483fecb7c6984a665f97dcaabbda

  • splitter

    |'|'|

Targets

    • Target

      af5498fc7e4948739f2320fdd8cc7dc5.exe

    • Size

      23KB

    • MD5

      af5498fc7e4948739f2320fdd8cc7dc5

    • SHA1

      3aa3c8c4126f60c4d1c2234feb03c62aaa9611a9

    • SHA256

      1424f40ca88848f45446ad55cc6afe2f929339b7e239389818a1ce8bbaa1580d

    • SHA512

      d264932154bb2238bbf613fa6aca76b2bbf58de65b61aabfee3e9459b60922387fc610a7d16ec9f12b9012a2e60d3c34e7456746e921ff7395651305ca4142ae

    • njRAT/Bladabindi

      Widely used RAT written in .NET.

    • Executes dropped EXE

    • Modifies Windows Firewall

    • Loads dropped DLL

    • Adds Run key to start application

MITRE ATT&CK Matrix ATT&CK v6

Persistence

Modify Existing Service

1
T1031

Registry Run Keys / Startup Folder

1
T1060

Defense Evasion

Modify Registry

1
T1112

Discovery

System Information Discovery

1
T1082

Tasks