General

  • Target

    0411c097c4782cc546edefc9d61b8f1c5b2eb9dfd52b218d71b0379c069b073e

  • Size

    177KB

  • Sample

    220124-e2bpmsbhb9

  • MD5

    81b910bed85a80781aafadde79832405

  • SHA1

    a20d3e5f8e3fd9a06edebe9d9bfaf48e500a9810

  • SHA256

    0411c097c4782cc546edefc9d61b8f1c5b2eb9dfd52b218d71b0379c069b073e

  • SHA512

    c15f9edbb9e51fdf88fee6ac17e67dd2b63bbef901c7eaa8c0d4505c5ccbe252637d576ba1d28f16204b9b33a381daf3c573efa1c29dd0aa444a2166886641ff

Score
10/10

Malware Config

Extracted

Family

njrat

Version

Hallaj PRO Rat [Fixed]

Botnet

HacKed

C2

voly.ddns.net:81

Mutex

300f2ef33b4edc11780392d2a3c73606

Attributes
  • reg_key

    300f2ef33b4edc11780392d2a3c73606

  • splitter

    boolLove

Targets

    • Target

      0411c097c4782cc546edefc9d61b8f1c5b2eb9dfd52b218d71b0379c069b073e

    Score
    10/10
    • njRAT/Bladabindi

      Widely used RAT written in .NET.

    • Drops startup file

    • Suspicious use of SetThreadContext
