General

  • Target

    c602d4b2323e0a03a1c0e2ea65a407db2c0294da246357b936e1205b01f84c6e

  • Size

    266KB

  • Sample

    221014-hr6zkscfbj

  • MD5

    64b391c270c6a686e4a553d49f7e9791

  • SHA1

    665a01b18660af9349aa76fb0f6a090da1f87f40

  • SHA256

    c602d4b2323e0a03a1c0e2ea65a407db2c0294da246357b936e1205b01f84c6e

  • SHA512

    6a24b576e2d7543285c645875fdf8b05b47ca6c770ff49e31520a31f889f30b39c0950a1a202b813804ce35c4ee9e8e24f41380265501ceac5b0d1451a8f390f

  • SSDEEP

    3072:2/vGHqJLx6B/CRLdhHp5GWp1icKAArDZz4N9GhbkrNEk47SjgfLWNeL5iLpRGT62:KWqA/eRlp0yN90QENZmCgRk

Malware Config

Extracted

Family

njrat

Version

0.7d

Botnet

DIAS T4NN3D

C2

idsdias.no-ip.org:2126

Mutex

9372708f706295353e47d9dea6b58552

Attributes
  • reg_key

    9372708f706295353e47d9dea6b58552

  • splitter

    |'|'|
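The splitter, campaign name (Botnet) and C2 values above are what a traffic parser or detection keys on. The following is an added example, not code from this report, from njRAT, or from any vendor: it parses a constructed njRAT-style C2 stream using the extracted splitter. Two assumptions are built in and labelled in the code: that njRAT frames each message as a decimal ASCII length, a NUL byte and the payload, and that the registration command is "ll" with the base64 victim ID ("<campaign>_<volume serial>") as its second field. The sample bytes, the field layout after the victim ID and the "kl" frame are constructed for illustration only.

```python
import base64

# Values copied from the extracted config above.
SPLITTER = "|'|'|"
BOTNET = "DIAS T4NN3D"
C2 = ("idsdias.no-ip.org", 2126)

# Assumption: njRAT sends each message as "<decimal length>\x00<payload>".
def parse_frames(stream: bytes) -> list:
    """Split a raw TCP stream into njRAT payloads; raise ValueError on a malformed
    or truncated frame instead of silently returning partial data."""
    frames, i = [], 0
    while i < len(stream):
        nul = stream.find(b"\x00", i)
        if nul == -1:
            raise ValueError(f"no length terminator at offset {i}")
        prefix = stream[i:nul]
        if not prefix.isdigit():
            raise ValueError(f"bad length prefix at offset {i}")
        length, start = int(prefix), nul + 1
        payload = stream[start:start + length]
        if len(payload) != length:
            raise ValueError(f"truncated frame at offset {start}")
        frames.append(payload)
        i = start + length
    return frames

def is_well_formed(stream: bytes) -> bool:
    try:
        parse_frames(stream)
        return True
    except ValueError:
        return False

def split_fields(payload: bytes) -> list:
    return payload.decode("utf-8", errors="replace").split(SPLITTER)

# Assumption: the registration command is "ll" and its second field is the base64
# victim ID, which njRAT builds as "<campaign>_<volume serial>".
def victim_id(fields: list):
    if len(fields) < 2 or fields[0] != "ll":
        return None
    try:
        return base64.b64decode(fields[1], validate=True).decode("utf-8", errors="replace")
    except ValueError:            # binascii.Error is a ValueError subclass
        return None

def summarize(stream: bytes) -> list:
    """One dict per frame: command keyword, field count, and for registration
    frames the decoded victim ID plus whether it carries this config's campaign."""
    out = []
    for payload in parse_frames(stream):
        fields = split_fields(payload)
        entry = {"cmd": fields[0], "nfields": len(fields)}
        vid = victim_id(fields)
        if vid is not None:
            entry["victim_id"] = vid
            entry["campaign_match"] = vid.startswith(BOTNET + "_")
        out.append(entry)
    return out

def frame(payload: bytes) -> bytes:
    """Encode one payload the way the client is assumed to (used to build the sample)."""
    return str(len(payload)).encode("ascii") + b"\x00" + payload

# Constructed sample traffic, not a capture from this sample. Field layout after the
# victim ID (host name, user, date, OS, version ...) is illustrative only.
SAMPLE_ID = base64.b64encode(b"DIAS T4NN3D_1A2B3C4D").decode("ascii")
SAMPLE_STREAM = (
    frame(SPLITTER.join(["ll", SAMPLE_ID, "DESKTOP-01", "user", "22-10-14", "",
                         "Win 7 Professional SP1", "No", "0.7d", ".."]).encode("utf-8"))
    + frame(("kl" + SPLITTER
             + base64.b64encode(b"[Notepad]\r\nhello").decode("ascii")).encode("utf-8"))
)

if __name__ == "__main__":
    for entry in summarize(SAMPLE_STREAM):
        print(entry)
```

Point a real capture of port 2126 traffic to the C2 host at parse_frames; a campaign_match on the decoded victim ID ties a beacon to this specific build rather than to njRAT in general.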

Targets

    • Target

      c602d4b2323e0a03a1c0e2ea65a407db2c0294da246357b936e1205b01f84c6e


    • Detect Neshta payload

    • Modifies system executable filetype association

    • Neshta

      Neshta is a file infector: it prepends its own body to executables it finds, so the original program only runs after the virus has, and it rewrites the .exe file-type association (the signature above) so that launching any executable passes through the virus first.

    • njRAT/Bladabindi

      njRAT (also tracked as Bladabindi) is a widely used remote access trojan written in .NET. The extracted config above gives its C2 host and port, the mutex that doubles as the registry value name (reg_key), and the splitter it uses between fields in C2 messages.

    • Executes dropped EXE

    • Checks computer location settings

      Looks up the country code configured in the registry, most likely as a geofence check.

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers commonly read stored browser profile data, which can include saved credentials, cookies and history.

    • Adds Run key to start application
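The Neshta signatures above describe a prepending file infector: the infected file begins with the virus body and carries the original host program after it. The following is an added example, not code from this report, from Neshta or from any vendor: it carves the appended host out of such a file by locating every MZ header whose e_lfanew points at a PE signature and taking the first one at or beyond the on-disk end of the leading image. It assumes that prepending layout (no fixed infector size is assumed) and runs on constructed, non-loadable PE-shaped blobs built by make_min_pe.

```python
import struct
from typing import List, Optional

def pe_header_offsets(data: bytes) -> List[int]:
    """Offsets of every 'MZ' whose e_lfanew (DWORD at +0x3C) lands on 'PE\\0\\0'."""
    hits, pos = [], data.find(b"MZ")
    while pos != -1:
        if pos + 0x40 <= len(data):
            e_lfanew = struct.unpack_from("<I", data, pos + 0x3C)[0]
            pe = pos + e_lfanew
            if 0x40 <= e_lfanew <= 0x1000 and data[pe:pe + 4] == b"PE\x00\x00":
                hits.append(pos)
        pos = data.find(b"MZ", pos + 1)
    return hits

def image_disk_end(data: bytes, base: int) -> int:
    """End offset of the PE image starting at base, taken as the furthest byte any
    section's raw data reaches (overlay not counted). Falls back to len(data)
    if the headers run off the end of the buffer."""
    pe = base + struct.unpack_from("<I", data, base + 0x3C)[0]
    if pe + 24 > len(data):
        return len(data)
    nsec = struct.unpack_from("<H", data, pe + 6)[0]
    opt_size = struct.unpack_from("<H", data, pe + 20)[0]
    sec = pe + 24 + opt_size                       # section table follows the optional header
    end = sec + 40 * nsec
    if end > len(data):
        return len(data)
    for i in range(nsec):
        raw_size, raw_ptr = struct.unpack_from("<II", data, sec + 40 * i + 16)
        end = max(end, base + raw_ptr + raw_size)  # raw pointers are relative to this image
    return min(end, len(data))

def carve_host(data: bytes) -> Optional[bytes]:
    """For a prepending infector: the image at offset 0 is the virus; return the
    first complete PE at or beyond its end, or None if the file is not infected."""
    offs = pe_header_offsets(data)
    if not offs or offs[0] != 0:
        return None
    virus_end = image_disk_end(data, 0)
    for off in offs[1:]:
        if off >= virus_end:
            return data[off:]
    return None

def make_min_pe(body: bytes) -> bytes:
    """Constructed test data: a minimal PE-shaped blob (MZ header, PE signature at
    0x40, COFF header with no optional header, one section holding body). Not loadable."""
    mz = b"MZ" + b"\x00" * 0x3A + struct.pack("<I", 0x40)          # e_lfanew at 0x3C
    coff = struct.pack("<HHIIIHH", 0x14C, 1, 0, 0, 0, 0, 0x102)      # one section, opt hdr size 0
    raw_ptr = 0x200                                                  # first file-alignment boundary
    section = (b".text\x00\x00\x00"
               + struct.pack("<IIII", len(body), 0x1000, len(body), raw_ptr)
               + b"\x00" * 16)
    header = mz + b"PE\x00\x00" + coff + section                     # 128 bytes
    return header + b"\x00" * (raw_ptr - len(header)) + body

if __name__ == "__main__":
    infected = make_min_pe(b"VIRUS BODY " * 40) + make_min_pe(b"HOST CODE " * 80)
    host = carve_host(infected)
    print("PE headers at", pe_header_offsets(infected), "carved host bytes:", len(host))
```

Run carve_host over a suspected infected file and hash the result: if the carved bytes match a known-good copy of the program, the only change was the prepended infector. On a real infected file, also check the "Detect Neshta payload" hit against the exefile association and the Run key the other signatures report, since the infector's persistence lives in the registry, not in the carved host.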
