General

  • Target

    dfd64e1ef1c5f78a9ffaf9484ad944428a42c506d4bdd4abd06c36af1286f830

  • Size

    23KB

  • Sample

    220106-hptapsbaf6

  • MD5

    2fa7c63ebf9d914771859f491962d1c6

  • SHA1

    35e2a1c81246bf5f8db26f5cd3ceec4b204437ee

  • SHA256

    dfd64e1ef1c5f78a9ffaf9484ad944428a42c506d4bdd4abd06c36af1286f830

  • SHA512

    ca202dc03f07fbce078e93d9f4b6c58fdd1554e633e4ddb9aecfbce2dacd16dff2dda6a8063526926e445fa6f667020f2146ed78921f57213b10739d257cc5ef

Malware Config

Extracted

  • Family

    njrat

  • Version

    0.7d

  • Botnet

    HacKed

  • C2

    stub.ignorelist.com:5552

  • Mutex

    a9e33c55fed81c9768296d22e0804298

Attributes

  • reg_key

    a9e33c55fed81c9768296d22e0804298

  • splitter

    |'|'|

Targets

    • njRAT/Bladabindi

      Widely used RAT written in .NET.

    • Executes dropped EXE

    • Modifies Windows Firewall

    • Loads dropped DLL

    • Adds Run key to start application
