General

  • Target

    6a2ed53d9c7f85aa838d95c34eaf8ea16acfa0ed1a989e6c2eb4f33a45d5fa30

  • Size

    23KB

  • Sample

    221123-lnp4fafc4t

  • MD5

    2bb520083b309e707cb5945078a222bf

  • SHA1

    e938d4a49e753851654bb38a0a3c76229a376644

  • SHA256

    6a2ed53d9c7f85aa838d95c34eaf8ea16acfa0ed1a989e6c2eb4f33a45d5fa30

  • SHA512

    7cb15aaaa9435259d47a0eafadb3dd68f3028d99412d6e50be4c3a3efd255a063f857deaf5c96e3cae5e8439403de5b9a192e161ca881abf76584072ebea0d72

  • SSDEEP

    384:q4Q+SAN7uprgvM5OSUswZXg69gbm4hfpFmRvR6JZlbw8hqIusZzZsZ:YOaxVULRpcnuH

Malware Config

Extracted

  • Family

    njrat

  • Version

    0.7d

  • Botnet

    HacKed

  • C2

    mohamadmanasha2.mooo.com:1177

  • Mutex

    69302eabe39ac5984e1bddc55b165ff5

Attributes
  • reg_key

    69302eabe39ac5984e1bddc55b165ff5

  • splitter

    |'|'|

Targets

    • njRAT/Bladabindi

      Widely used RAT written in .NET.

    • Executes dropped EXE

    • Modifies Windows Firewall

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Loads dropped DLL

    • Adds Run key to start application
