General

  • Target

    57933F53BC7915A61CFED96F47ACDCB579117E9A3B746.exe

  • Size

    160KB

  • Sample

    220108-wlv7sadbf6

  • MD5

    70a2972e4036a8286119eff6e075e774

  • SHA1

    cdc711bcd37e5eadbaf716fac8a47e60a83edcf6

  • SHA256

    57933f53bc7915a61cfed96f47acdcb579117e9a3b7469812de2b8184e144f7c

  • SHA512

    fa621174207d995c57b2c3ffd56b152d2a57f60d4ecf141e11ce6d2b95daa1656e62b517b16cbd26d76475c17e00a92b468a78db4eda859a18ad32dc2a5200d6

Malware Config

Extracted

  • Family

    njrat

  • Version

    im523

  • Botnet

    HacKed

  • C2

    system123.linkpc.net:5553

  • Mutex

    c6ce44c1e8101a342e034dc764bc4f16

Attributes
  • reg_key

    c6ce44c1e8101a342e034dc764bc4f16

  • splitter

    |'|'|

Targets

    • Target

      57933F53BC7915A61CFED96F47ACDCB579117E9A3B746.exe

    • njRAT/Bladabindi

      Widely used RAT written in .NET.

    • Executes dropped EXE

    • Modifies Windows Firewall

    • Drops startup file

    • Loads dropped DLL

    • Adds Run key to start application

    • Drops autorun.inf file

      Malware can abuse Windows Autorun to spread further via attached volumes.
