General

  • Target

    Server.exe

  • Size

    23KB

  • Sample

    220910-xnnq6aecan

  • MD5

    0965ac2d0351b50b734991c11d465243

  • SHA1

    09be6d0493435046743276d2da934b85712ba28e

  • SHA256

    d8f66d5b7e2aafa589ee790e6babe7c22daa683d8a50272c7b18d42a250d6878

  • SHA512

    f75221b4e4f5a9ec524b66ee494e83bdd43fdbf7a7e741468105ee9a417a5e9a8ca60f903ab383f71a8083b373abc4f60f98a38ebb240868397881eb796a8ad6

  • SSDEEP

    384:TQeCITxTz/w8nEUeC9UBNM46VgDO61Ba6hRmRvR6JZlbw8hqIusZzZrq:E2brV93RpcnuV

Malware Config

Extracted

  • Family

    njrat

  • Version

    0.7d

  • Botnet

    HacKed

  • C2

    127.0.0.1:5552

  • Mutex

    165d6ed988ac1dbec1627a1ca9899d84

Attributes
  • reg_key

    165d6ed988ac1dbec1627a1ca9899d84

  • splitter

    |'|'|

Targets

    • Target

      Server.exe

    Score
    10/10
    • njRAT/Bladabindi

      Widely used RAT written in .NET.

    • Modifies Windows Firewall

MITRE ATT&CK Matrix ATT&CK v6

Persistence

Modify Existing Service

1
T1031
