General

  • Target

    d5116e86b06a8bd870f8c2fbdb47abadee25aca63f9d04fc382434db6638789f

  • Size

    31KB

  • Sample

    220524-r7a2hsafdm

  • MD5

    e3a3d49eff808da1555bba7f93359231

  • SHA1

    884087587b983e2a00cb3d562c35234ab48c3313

  • SHA256

    d5116e86b06a8bd870f8c2fbdb47abadee25aca63f9d04fc382434db6638789f

  • SHA512

    a048dc87887985e5cf950eaf2d2fc011a29951c32bda63b86fcf4e84853fb6742c40ba71e47732ce1a71a1a2cd0ccf8d300af06f885fa8741ca415637b91953e

Malware Config

Extracted

  • Family

    njrat

  • Version

    0.7d

  • Botnet

    2

  • C2

    192.168.0.3:6522

  • Mutex

    7f96b54cb8cf7725bac857153740bdf1

Attributes
  • reg_key

    7f96b54cb8cf7725bac857153740bdf1

  • splitter

    Y262SUCZ4UJJ

Targets

    • Target

      d5116e86b06a8bd870f8c2fbdb47abadee25aca63f9d04fc382434db6638789f

    • njRAT/Bladabindi

      Widely used RAT written in .NET.

    • Executes dropped EXE

    • Modifies Windows Firewall

    • Drops startup file

    • Loads dropped DLL

    • Adds Run key to start application

MITRE ATT&CK Matrix (ATT&CK v6)

Persistence

  • T1031 Modify Existing Service (1)

  • T1060 Registry Run Keys / Startup Folder (1)

Defense Evasion

  • T1112 Modify Registry (1)

Discovery

  • T1082 System Information Discovery (1)

Tasks