General

  • Target

    Server.exe

  • Size

    23KB

  • Sample

    220918-2jsa1aghal

  • MD5

    e11f216afce9ca74d6897e40d353a9cf

  • SHA1

    df6af477178f5adf2748ddf9d683678da5141dbc

  • SHA256

    c0c4d053e6645a77b6381a14c4c5e4c90fa9e317816d77e0ff49ef6a710e4e35

  • SHA512

    49b5d43b46882ea86dba0d2c56f771f5852c9a69cb4e339c0d6bce1d94a1ac222e54a13e688e7392bf9aa9e5f119a7adaf0f0e64ca40d0fb5b02ea97f4f86af6

  • SSDEEP

    384:+cqbCK0l4h7o9SVyDGvENuh46/gJkOmMSW38mRvR6JZlbw8hqIusZzZy/M:R30py6vhxaRpcnu8

Malware Config

Extracted

  • Family

    njrat

  • Version

    0.7d

  • Botnet

    HacKed

  • C2

    185.243.115.3:4444

  • Mutex

    30e472fa24e715e133b9d0f32ffd2e77

Attributes
  • reg_key

    30e472fa24e715e133b9d0f32ffd2e77

  • splitter

    |'|'|

Targets

    • Target

      Server.exe

    Score: 10/10

    • njRAT/Bladabindi

      Widely used RAT written in .NET.

    • Modifies Windows Firewall

MITRE ATT&CK Matrix (ATT&CK v6)

Persistence

Modify Existing Service

1
T1031

Tasks