General

  • Target

    bEG2.exe

  • Size

    23KB

  • Sample

    220906-eqam7sefh2

  • MD5

    c84b5aa41ceb238a9b328e4521c2903d

  • SHA1

    6f75576e35f98544a7b938015a74498700aaacef

  • SHA256

    5ac858d76e8ff1f69dc3cc87f6fe63c705e73b91141468c2959aebaebeeeb5ed

  • SHA512

    0be8b058c02fe9429d5a742c859d4bf6b8f0a3fa78916d4be505d20e1a9eeb2e0f58a6aa3f7ea7d5b103465e3bd061ae21a7b30f27a48bdccc5b7a4bce2107e2

  • SSDEEP

    384:ZweXCQIreJig/8Z7SS1fEBpng6tgL2IBPZVmRvR6JZlbw8hqIusZzZTH:eLq411eRpcnuk

Malware Config

Extracted

Family

njrat

Version

0.7d

Botnet

HacKed

C2

windowsii.duckdns.org:5552

Mutex

85faf5c90182f6391d389f3f4afec300

Attributes
  • reg_key

    85faf5c90182f6391d389f3f4afec300

  • splitter

    |'|'|

Targets

    • Target

      bEG2.exe

    Score
    10/10
    • njRAT/Bladabindi

      Widely used RAT written in .NET.

    • Modifies Windows Firewall

MITRE ATT&CK Matrix ATT&CK v6

Persistence

Modify Existing Service

T1031
