General

  • Target

    8a3aa1928ed7bf55985b9682e40406499efb3b0e13ec4b7b32dc33a8e653aa7a

  • Size

    31KB

  • Sample

    220524-vgylnsacd4

  • MD5

    f655787291ff31bd59f1ffe84f88e6f0

  • SHA1

    ab24818f55bf947eedb608cab1e433c43179b1e5

  • SHA256

    8a3aa1928ed7bf55985b9682e40406499efb3b0e13ec4b7b32dc33a8e653aa7a

  • SHA512

    0b68a8eca484c75455ad3cce3345678b2e11b05e891b688497f44bfdc64000a0964c4c86c6040db11fe0138b8af02f1cc27ab20e1b9c30f417321d7f3694d6d9

Malware Config

Extracted

  • Family

    njrat

  • Version

    0.7d

  • Botnet

    Bot

  • C2

    81.24.179:212:6522

  • Mutex

    c131bf502fd0132beb20b6ff08254fbd

  • Attributes

    reg_key: c131bf502fd0132beb20b6ff08254fbd

    splitter: Y262SUCZ4UJJ

Targets

    • Target

      8a3aa1928ed7bf55985b9682e40406499efb3b0e13ec4b7b32dc33a8e653aa7a

    • njRAT/Bladabindi

      Widely used RAT written in .NET.

    • Modifies Windows Firewall

    • Drops startup file

    • Adds Run key to start application

MITRE ATT&CK Matrix (ATT&CK v6)

  • Persistence

    T1031 Modify Existing Service (1)

    T1060 Registry Run Keys / Startup Folder (1)

  • Defense Evasion

    T1112 Modify Registry (1)

Tasks