General

  • Target

    a6c258af41ba4806e49fb1acff81567a.exe

  • Size

    259KB

  • Sample

    220124-d6g7jsbdbq

  • MD5

    a6c258af41ba4806e49fb1acff81567a

  • SHA1

    8264f99a54cf67957decd9346bb6e0d3cc91af1e

  • SHA256

    75ab761cc1439789376140b0ce2baf9fd7f6090a4a177cfcffd6fae11ec93071

  • SHA512

    f21ced4af54da0041bea63316277726529f09af941effd34544d45d5a6e8e52e4eb3a515796715f85cbdd1d39be519ee4952812c10b064d577c4fb2fdcf1f31f

Malware Config

Extracted

  • Family

    njrat

  • Version

    v4.0

  • Botnet

    UziClicker

  • C2

    perpetual-pollution.auto.playit.gg:54523

  • Mutex

    Windows

Attributes
  • reg_key

    Windows

  • splitter

    |-F-|

Targets

    • Target

      a6c258af41ba4806e49fb1acff81567a.exe

    • njRAT/Bladabindi

      Widely used RAT written in .NET.

    • suricata: ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)

    • Executes dropped EXE

    • Drops startup file

    • Loads dropped DLL

    • Adds Run key to start application

MITRE ATT&CK Matrix ATT&CK v6

  • Persistence

    Registry Run Keys / Startup Folder (T1060): 1

    Hidden Files and Directories (T1158): 1

  • Defense Evasion

    Modify Registry (T1112): 1

    Hidden Files and Directories (T1158): 1

  • Discovery

    System Information Discovery (T1082): 1

Tasks