General

  • Target

    3add4e65a8f8f8fd67492cf3be9731ddb873e0026076e206c81ebf8f797bdafe

  • Size

    365KB

  • Sample

    220703-w79masecd2

  • MD5

    cad6f63cc1f0dda7dd80ab09bfeb2770

  • SHA1

    16c80bf9a36956f4e9ad2bcda8264f3f701d3e2b

  • SHA256

    3add4e65a8f8f8fd67492cf3be9731ddb873e0026076e206c81ebf8f797bdafe

  • SHA512

    0f2003aee6f4508e8fdec90ae19ace1b0c64f13b6692984ab3f70643240af15866fa9a7b4c0cd5cd107e30d342f58a0eeda3733b92d3a2d65d630cafd447b036

Malware Config

Extracted

  • Family

    njrat

  • Version

    0.7d

  • Botnet

    HacKed

  • C2

    127.0.0.1:5552

  • Mutex

    165d6ed988ac1dbec1627a1ca9899d84

Attributes
  • reg_key

    165d6ed988ac1dbec1627a1ca9899d84

  • splitter

    |'|'|

Targets

    • njRAT/Bladabindi

      Widely used RAT written in .NET.

    • Modifies Windows Firewall

MITRE ATT&CK Matrix ATT&CK v6

Persistence

Modify Existing Service

1
T1031

Tasks