General

  • Target

    fff7d5f26c4357c5f731b0174b542b40d48265dac20d387993be6e708950a477

  • Size

    22KB

  • Sample

    221123-pr8lqsca86

  • MD5

    065150088150b601763bf6eb32529efd

  • SHA1

    5e28035fff3f76c5cb753748006653f88f888cad

  • SHA256

    fff7d5f26c4357c5f731b0174b542b40d48265dac20d387993be6e708950a477

  • SHA512

    acaae4845b207be7f319da13d0f95af7ad374a56587ea35e8c4181c47a7e8eb46407b2364104a8a01c8f3dd2e60aaa5eeaf1069fa85df6dfc9c187c7b4d22488

  • SSDEEP

    384:4sqS+ER6vRKXGYKRWVSujUtX9w6Dglo61Z5D8mRvR6JZlbw8hqIusZzZRFz:vf65K2Yf1jlRpcnuU

Malware Config

Extracted

Family

njrat

Version

0.7d

Botnet

HacKed

C2

ebo000000.ddns.net:5553

Mutex

a4458faf28727c8f585dd4dc76455384

Attributes
  • reg_key

    a4458faf28727c8f585dd4dc76455384

  • splitter

    |'|'|

Targets

    • njRAT/Bladabindi

      Widely used RAT written in .NET.

    • Executes dropped EXE

    • Modifies Windows Firewall

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Loads dropped DLL

    • Adds Run key to start application
