General

  • Target

    0cc7a8cdad7fc9218a554d2079b11a13cc9d52f845bfb697a2eda03d5f3b39d4

  • Size

    31KB

  • Sample

    220630-w1p93sfgej

  • MD5

    03243a04642c36e309045552cad5ecd6

  • SHA1

    9ae11f439b376d56ea5f1cc014f6d97ee0d8fc46

  • SHA256

    0cc7a8cdad7fc9218a554d2079b11a13cc9d52f845bfb697a2eda03d5f3b39d4

  • SHA512

    6f8d0b3a38dab73a89253b53e608d630594ab0c62d6556b26cfb59cd85514bac41f615bd347b5a2bb8cf175c39e8d5d02fc555e558613ec3e42318f0091c3263

Malware Config

Extracted

  • Family

    njrat

  • Version

    0.7d

  • Botnet

    hack

  • C2

    127.0.0.1:777

  • Mutex

    e2eb0124833362aa81dbc61961493aaa

Attributes
  • reg_key

    e2eb0124833362aa81dbc61961493aaa

  • splitter

    Y262SUCZ4UJJ

Targets

    • Target

      0cc7a8cdad7fc9218a554d2079b11a13cc9d52f845bfb697a2eda03d5f3b39d4

    • Size

      31KB

    • MD5

      03243a04642c36e309045552cad5ecd6

    • SHA1

      9ae11f439b376d56ea5f1cc014f6d97ee0d8fc46

    • SHA256

      0cc7a8cdad7fc9218a554d2079b11a13cc9d52f845bfb697a2eda03d5f3b39d4

    • SHA512

      6f8d0b3a38dab73a89253b53e608d630594ab0c62d6556b26cfb59cd85514bac41f615bd347b5a2bb8cf175c39e8d5d02fc555e558613ec3e42318f0091c3263

    • njRAT/Bladabindi

      Widely used RAT written in .NET.

    • Modifies Windows Firewall

    • Drops startup file

    • Adds Run key to start application

MITRE ATT&CK Matrix (ATT&CK v6)

Persistence

  • Modify Existing Service (T1031)

    1

  • Registry Run Keys / Startup Folder (T1060)

    1

Defense Evasion

  • Modify Registry (T1112)

    1

Tasks