General

  • Target

    ae73bdc4a2a838cfd473516f71256775.exe

  • Size

    23KB

  • Sample

    220104-yktcxahdh4

  • MD5

    ae73bdc4a2a838cfd473516f71256775

  • SHA1

    131baeeb082a9686e439037d68b25511704afdca

  • SHA256

    038dd8b7ccee6add96f34b54f715dc14dfc1718c47bf65370e2e3be883924721

  • SHA512

    cffacc16e3ec4b58d9929195a478f3154aa0b468141f891360c8b226a15d50264321ef42c1ba8deceb0a5448fc60ae25aae18194e88e9f14a3ffe2813b0db445

Malware Config

Extracted

  • Family

    njrat

  • Version

    0.7d

  • Botnet

    victim

  • C2

    maxmax321.ddns.net:1177

  • Mutex

    8b94dab96779834ab91c92bf9ca487ba

  • Attributes

      • reg_key

        8b94dab96779834ab91c92bf9ca487ba

      • splitter

        |'|'|

Targets

    • Target

      ae73bdc4a2a838cfd473516f71256775.exe

    • njRAT/Bladabindi

      Widely used RAT written in .NET.

    • Executes dropped EXE

    • Modifies Windows Firewall

    • Drops startup file

    • Loads dropped DLL

    • Adds Run key to start application
