General
Target: c0dbbc6e77a3b9cdad5563e7c814e053.exe
Size: 37KB
Sample: 230125-nmp36afh23
MD5: c0dbbc6e77a3b9cdad5563e7c814e053
SHA1: c814d27d1c1e7963c7d3ba533025918d70fc1ef2
SHA256: 62723ed12c72ceb21bc77c63811f58ab082b36bd8487531d8b52e4de5030c7f1
SHA512: 7f6bd0194165cc713a35139f1a342fe3150d0b53996985d8cb487b1c1cd9ea352d2d21941bd9f26920f73953185d814c9c95e976b82ccd1cd66fb50e6258364a
SSDEEP: 384:OA0GK3hUidkcXR21cGMy8P4E5fXUFl6M0lrAF+rMRTyN/0L+EcoinblneHQM3ep:R0GK3rLGv8P4E58qMorM+rMRa8Nunmt
Behavioral task: behavioral1
Sample: c0dbbc6e77a3b9cdad5563e7c814e053.exe
Resource: win7-20220901-en
Behavioral task: behavioral2
Sample: c0dbbc6e77a3b9cdad5563e7c814e053.exe
Resource: win10v2004-20221111-en
Malware Config
Extracted
njrat
im523
HacKed
104.22.32.240:443
reg_key: a1d3fe53d6645a42400095b4adec79f5
splitter: |'|'|
Targets
Score: 10/10
Executes dropped EXE
Modifies Windows Firewall
Checks computer location settings: Looks up country code configured in the registry, likely geofence.
Drops startup file
Adds Run key to start application
MITRE ATT&CK Matrix
Collection
Command and Control
Credential Access
Defense Evasion
Execution
Exfiltration
Impact
Initial Access
Lateral Movement
Privilege Escalation