General

  • Target

    71078D7CF6428403D8E6298613B1D2932D16129A0E033.exe

  • Size

    222KB

  • Sample

    211107-b1tmaadhar

  • MD5

    9ba09fe66a6c0f30ccc1800487e14a33

  • SHA1

    56a97a459acf4cd6403eaa174944f1d1db7957c6

  • SHA256

    71078d7cf6428403d8e6298613b1d2932d16129a0e033f0c008abd7fb194ba80

  • SHA512

    88679b1b788741d52c1a2d443fe4906231d1c7b7aa475bf1b22465d1e51001902f9d42aebc74680217cc69ecb79dbe1bad1e4962452b6416ae8071e6feb310b1

Malware Config

Extracted

Family

njrat

Version

0.7d

Botnet

180721

C2

185.222.57.203:2282

Mutex

866d16940c2b513b37047e4f825bb8ff

Attributes
  • reg_key

    866d16940c2b513b37047e4f825bb8ff

  • splitter

    |'|'|

Targets

    • Target

      71078D7CF6428403D8E6298613B1D2932D16129A0E033.exe

    • Size

      222KB

    • MD5

      9ba09fe66a6c0f30ccc1800487e14a33

    • SHA1

      56a97a459acf4cd6403eaa174944f1d1db7957c6

    • SHA256

      71078d7cf6428403d8e6298613b1d2932d16129a0e033f0c008abd7fb194ba80

    • SHA512

      88679b1b788741d52c1a2d443fe4906231d1c7b7aa475bf1b22465d1e51001902f9d42aebc74680217cc69ecb79dbe1bad1e4962452b6416ae8071e6feb310b1

    • njRAT/Bladabindi

      Widely used RAT written in .NET.

    • suricata: ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)

      suricata: ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)

    • Executes dropped EXE

    • Modifies Windows Firewall

    • Drops startup file

    • Loads dropped DLL

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks