General

  • Target

    c637382c266b87af51ee6c3b086b3e9acfa27cb83e0de7f457a07f5608cf63a1

  • Size

    23KB

  • Sample

    221125-3ez1qahe3y

  • MD5

    d116ef4d72d1f18eb289c90f6cdacc25

  • SHA1

    d489491a8abaa46f52becbc65b7c5281fb132a21

  • SHA256

    c637382c266b87af51ee6c3b086b3e9acfa27cb83e0de7f457a07f5608cf63a1

  • SHA512

    f923ce8efa7fe92815942f5aa61d40e40ff4323d6b6cfa46ab1db95a1bbb6e9479e969c419ae99367213d79f11b22f865e81e45938a3cb06462df1ac0b956db4

  • SSDEEP

    384:7pslUlEvOEJ8xWwYJOMiOBZEdj1567gtwi5HhbQmRvR6JZlbw8hqIusZzZ1t:76eEvwIlLMRpcnus

Malware Config

Extracted

  • Family

    njrat

  • Version

    0.7d

  • Botnet

    HacKed

  • C2

    nahas.no-ip.org:200

  • Mutex

    93cd846be1ac2a1f71172fcb9325576b

Attributes
  • reg_key

    93cd846be1ac2a1f71172fcb9325576b

  • splitter

    |'|'|

Targets

    • njRAT/Bladabindi

      Widely used RAT written in .NET.

    • Executes dropped EXE

    • Modifies Windows Firewall

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Drops startup file

    • Loads dropped DLL

    • Adds Run key to start application
