General

  • Target

    10cb99fab4a2d03fb923bab83d64def6.exe

  • Size

    178KB

  • Sample

    211113-x2ncjsfdd3

  • MD5

    10cb99fab4a2d03fb923bab83d64def6

  • SHA1

    c7966732d261bac2e2eb7de27f226be2ee1f7722

  • SHA256

    7c5469c3254fa9aed13789fcbfa40f777d735e8cf0a69b567e02f602aca1a36a

  • SHA512

    caf97449968e3043645aba8bc49962f6e72df9a2f4dcd0f466d033b7061c35bc4ce5dad40417d3af7632d9c80158b2e9fea063d249c7e7a83d8cf8462f5b6b33

Malware Config

Extracted

  • Family

    njrat

  • Version

    im523

  • Botnet

    HacKed

  • C2

    4.tcp.ngrok.io:18639

  • Mutex

    41f5514034963d4f4ec74e7595ac382c

Attributes
  • reg_key

    41f5514034963d4f4ec74e7595ac382c

  • splitter

    |'|'|

Targets

    • Target

      10cb99fab4a2d03fb923bab83d64def6.exe

    • Size

      178KB

    • njRAT/Bladabindi

      Widely used RAT written in .NET.

    • Executes dropped EXE

    • Modifies Windows Firewall

MITRE ATT&CK Matrix (ATT&CK v6)

  • Persistence

    Modify Existing Service (T1031): 1

  • Discovery

    System Information Discovery (T1082): 1

Tasks