General

  • Target

    b88e59a671c867f267518f0deb3ed811db8e0ffb28d686e607f21750c63a5d8d

  • Size

    26KB

  • Sample

    221003-b8hjzscfhn

  • MD5

    6b83c9f02abe3ce67e3d1b8c5f51d980

  • SHA1

    577ce124a5e939ba7a47aa6b2a11f85550dd42e1

  • SHA256

    b88e59a671c867f267518f0deb3ed811db8e0ffb28d686e607f21750c63a5d8d

  • SHA512

    9057e733e4a9ef5eeccccc95244e25adc0017e870aebe347afde8df58e8c74a5c682ec5a16184f978a612083f4de32c295fc065d23033bf89a686bf3b497122e

Malware Config

Extracted

Family

njrat

Version

0.7d

Botnet

:D

C2

governmentservice.servebeer.com:20968

Attributes

reg_key

dd8213f1bf066875b4691b73b62514e4

splitter

|'|'|

Targets

    • njRAT/Bladabindi

      Widely used RAT written in .NET.

    • Adds Run key to start application

    • Detected potential entity reuse from brand microsoft.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

  • Collection

  • Command and Control

  • Credential Access

  • Defense Evasion

  • Execution

  • Exfiltration

  • Impact

  • Initial Access

  • Lateral Movement

  • Privilege Escalation