General

  • Target

    60ce543102c48a9700274dbdb980d46397062a1323416b9b8b9202342a2424f1

  • Size

    208KB

  • Sample

    221019-svxv7aeadk

  • MD5

    a2251f05c5c83784fb16102a8f3b77f0

  • SHA1

    061ea47baf8ef7eda67c7d5af559f17df50a92dc

  • SHA256

    60ce543102c48a9700274dbdb980d46397062a1323416b9b8b9202342a2424f1

  • SHA512

    339601588958024a402a778970459cfe1c8192e6909f95d23f3e821abc38c18e93e077f3fa5b6806d8f951fa6afd399efefb084e8395162432f4c8ab46df50da

  • SSDEEP

    6144:P1VaBHUB2HtM0Nzqdkho5fMq6taZHC2Ys:faFUB2POiKNIaZ3Ys

Score
10/10

Malware Config

Extracted

Family

njrat

Version

0.6.4

Botnet

hack

C2

127.0.0.1:1177

Mutex

ba4c12bee3027d94da5c81db2d196bfd

Attributes
  • reg_key

    ba4c12bee3027d94da5c81db2d196bfd

  • splitter

    |'|'|

Targets

    Score
    10/10
    • njRAT/Bladabindi

      Widely used RAT written in .NET.

    • Executes dropped EXE

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix (ATT&CK v6)

Discovery

Query Registry

1
T1012

System Information Discovery

2
T1082
