General

  • Target

    PH9jefkj.exe

  • Size

    37KB

  • Sample

    211212-xgyb1sdgdj

  • MD5

    f6251732b4bf312672d9dde78134eaf2

  • SHA1

    858dee5a0ea51eb25495ce9db3fc7975be3c1aac

  • SHA256

    a3ee9ac3edd5ece7b4c02143421f478e48f45ae733f14537ef8bd04e59250d1c

  • SHA512

    4e6e70151e982d281013848759722bdc3acd43c495713de4d309b3acd341b9e655e59873e98f8f203f7f3b0d44cb3d3945efd92247cbbfd293f17a42b7362675

Malware Config

Extracted

Family

njrat

Version

im523

Botnet

HacKed

C2

127.0.0.1:99

Mutex

aa4089dfc7bb54b7fb8176851e23da42

Attributes
  • reg_key

    aa4089dfc7bb54b7fb8176851e23da42

  • splitter

    |'|'|

Targets

    • Target

      PH9jefkj.exe

    • Size

      37KB

    • MD5

      f6251732b4bf312672d9dde78134eaf2

    • SHA1

      858dee5a0ea51eb25495ce9db3fc7975be3c1aac

    • SHA256

      a3ee9ac3edd5ece7b4c02143421f478e48f45ae733f14537ef8bd04e59250d1c

    • SHA512

      4e6e70151e982d281013848759722bdc3acd43c495713de4d309b3acd341b9e655e59873e98f8f203f7f3b0d44cb3d3945efd92247cbbfd293f17a42b7362675

    • njRAT/Bladabindi

      Widely used RAT written in .NET.

    • Executes dropped EXE

    • Modifies Windows Firewall

    • Drops startup file

    • Adds Run key to start application

    • Drops autorun.inf file

      Malware can abuse Windows Autorun to spread further via attached volumes.

MITRE ATT&CK Enterprise v6

Tasks