Description
Widely used RAT written in .NET.
9d46b723ec666db3e73ae900c474d660
General
Target
Size
Sample
9d46b723ec666db3e73ae900c474d660
290KB
220521-tqsaksabb2
Score
10 /10
MD5
SHA1
SHA256
SHA512
9d46b723ec666db3e73ae900c474d660
a801d00b65f847806ea5c2496c62efae283b3a94
80bb4f3c9e2ea5ea1ca55ffa2a5fd303058c240133d32b93e7c89a96712a5cba
4d26098cac7368afb62c41b3c9a06870f6ae3d1fe4883ba9a4d5755d9a2e363b2d8cba55ec637ab24362a32a2c4c362d0192659a5abd62f87c2f0b0a9ed3c9cc
Malware Config
Extracted
| Family | njrat |
| Version | im523 |
| Botnet | WormRATT |
| C2 |
178.33.93.88:1742 |
| Attributes |
reg_key 7869d44e9b90d6b1e669bf52c9e89c61
splitter |'|'| |
Targets
Target
MD5
Filesize
9d46b723ec666db3e73ae900c474d660
9d46b723ec666db3e73ae900c474d660
290KB
Score
10/10
SHA1
SHA256
SHA512
a801d00b65f847806ea5c2496c62efae283b3a94
80bb4f3c9e2ea5ea1ca55ffa2a5fd303058c240133d32b93e7c89a96712a5cba
4d26098cac7368afb62c41b3c9a06870f6ae3d1fe4883ba9a4d5755d9a2e363b2d8cba55ec637ab24362a32a2c4c362d0192659a5abd62f87c2f0b0a9ed3c9cc
Tags
Signatures
-
njRAT/Bladabindi
-
Downloads MZ/PE file
-
Executes dropped EXE
-
Modifies Windows Firewall
Tags
TTPs
-
Checks computer location settings
Description
Looks up country code configured in the registry, likely geofence.
TTPs
-
Drops startup file
-
Loads dropped DLL
-
Adds Run key to start application
Tags
TTPs
-
Drops autorun.inf file
Description
Malware can abuse Windows Autorun to spread further via attached volumes.
TTPs
Related Tasks
MITRE ATT&CK Matrix
Collection
Command and Control
Credential Access
Defense Evasion
Execution
Exfiltration
Impact
Initial Access
Lateral Movement
Privilege Escalation
Tasks