General

  • Target

    3b3b5ec3d2b79dc4e7efb5dce6d36e1fc921e4523945c997bf0e052498f5beb6

  • Size

    61KB

  • Sample

    221123-lm1tjsfb9s

  • MD5

    7de96407cfc936824dfe56e9d8ae8de4

  • SHA1

    277d62d7bc00b49e331c6eb92632434ff167bf4c

  • SHA256

    3b3b5ec3d2b79dc4e7efb5dce6d36e1fc921e4523945c997bf0e052498f5beb6

  • SHA512

    062f2d2e71ccc38cd3d7804f57f020a4c298981a3d2416244816616d184109abe2866ab00e55a895e2e754d3045945c593ba94d6a805c1de41d7d0bba0436617

  • SSDEEP

    768:sgR3hPtQhtOKMUJaUPhzpjL3nxgKBf+iAFscscGAy9vHHgOXFjGHnUQ/o:sgX6h8JUJaGvxb2spjZHgO1jR

Malware Config

Extracted

Family

njrat

Version

0.6.4

Botnet

HacKed

C2

kirkukihama.no-ip.biz:1177

Mutex

5cd8f17f4086744065eb0992a09e05a2

Attributes
  • reg_key

    5cd8f17f4086744065eb0992a09e05a2

  • splitter

    |'|'|

Targets

    • Target

      3b3b5ec3d2b79dc4e7efb5dce6d36e1fc921e4523945c997bf0e052498f5beb6

    • njRAT/Bladabindi

      Widely used RAT written in .NET.

    • Executes dropped EXE

    • Modifies Windows Firewall

    • Checks computer location settings

      Looks up the country code configured in the registry, likely as a geofence check.

    • Loads dropped DLL
