General

  • Target

    406141b4dcf4941a1ca6342b6cb7cbcf5f04fda10e67f77c2dbf47409f9e8ccf

  • Size

    23KB

  • Sample

    221123-lns54afc41

  • MD5

    d169c120b9c6fbabb175f1161067d6ce

  • SHA1

    c6dbd0d71f3c31982af14ff20640ead07d97d1c5

  • SHA256

    406141b4dcf4941a1ca6342b6cb7cbcf5f04fda10e67f77c2dbf47409f9e8ccf

  • SHA512

    d04781c57e3a5113e9f17ad9921f3f8e0870cd73211f04c09cc860bb18ebb3a617bc9a8fe71ede1b5052b89e6c01d822f1696775682a3310016efbb3e0838e20

  • SSDEEP

    384:4luBPiZCMfdfSJrQbsLRGSIxYVL46pg/i8BD9BmRvR6JZlbw8hqIusZzZdj:HOmhtIiRpcnuO

Malware Config

Extracted

Family

njrat

Version

0.7d

Botnet

HacKed

C2

i-br.noip.me:1177

Mutex

096162c84c8a20735d7fce32fc6549c1

Attributes
  • reg_key

    096162c84c8a20735d7fce32fc6549c1

  • splitter

    |'|'|

Targets

    • Target

      406141b4dcf4941a1ca6342b6cb7cbcf5f04fda10e67f77c2dbf47409f9e8ccf

    • Size

      23KB

    • MD5

      d169c120b9c6fbabb175f1161067d6ce

    • SHA1

      c6dbd0d71f3c31982af14ff20640ead07d97d1c5

    • SHA256

      406141b4dcf4941a1ca6342b6cb7cbcf5f04fda10e67f77c2dbf47409f9e8ccf

    • SHA512

      d04781c57e3a5113e9f17ad9921f3f8e0870cd73211f04c09cc860bb18ebb3a617bc9a8fe71ede1b5052b89e6c01d822f1696775682a3310016efbb3e0838e20

    • SSDEEP

      384:4luBPiZCMfdfSJrQbsLRGSIxYVL46pg/i8BD9BmRvR6JZlbw8hqIusZzZdj:HOmhtIiRpcnuO

    • njRAT/Bladabindi

      Widely used RAT written in .NET.

    • Executes dropped EXE

    • Modifies Windows Firewall

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Drops startup file

    • Loads dropped DLL

    • Adds Run key to start application

MITRE ATT&CK Enterprise v6

Tasks