General

  • Target

    fa21401f20cba55b974d46788986e56e2e385da3cdd9260872567036a70ce168

  • Size

    31KB

  • Sample

    220520-es2jpshdb8

  • MD5

    f2599c8241785a47e4a5e54628e15ee2

  • SHA1

    6126a67caf537bc201f5e8d56ca83d1d6f094e9a

  • SHA256

    fa21401f20cba55b974d46788986e56e2e385da3cdd9260872567036a70ce168

  • SHA512

    e9b84b27669d85de7e9410a02f726024efd24cdad1c8d5840c03f433a97c70b20d1bf4bb3888caea3e82461214f5fb756a7ba9fdb634658b795d11494c872e1a

Malware Config

Extracted

Family

njrat

Version

0.7d

Botnet

install

C2

2.132.107.223:6522

Attributes
reg_key
bd5be1175c6ff120fdbcfd0476b2cd35
splitter
Y262SUCZ4UJJ

Targets

    • Target

      fa21401f20cba55b974d46788986e56e2e385da3cdd9260872567036a70ce168

    • Size

      31KB

    • MD5

      f2599c8241785a47e4a5e54628e15ee2

    • SHA1

      6126a67caf537bc201f5e8d56ca83d1d6f094e9a

    • SHA256

      fa21401f20cba55b974d46788986e56e2e385da3cdd9260872567036a70ce168

    • SHA512

      e9b84b27669d85de7e9410a02f726024efd24cdad1c8d5840c03f433a97c70b20d1bf4bb3888caea3e82461214f5fb756a7ba9fdb634658b795d11494c872e1a

    • njRAT/Bladabindi

      Widely used RAT written in .NET.

    • Executes dropped EXE

    • Modifies Windows Firewall

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Drops startup file

    • Loads dropped DLL

MITRE ATT&CK Matrix

Collection

    Command and Control

      Credential Access

        Defense Evasion

          Execution

            Exfiltration

              Impact

                Initial Access

                  Lateral Movement

                    Privilege Escalation