General

  • Target: 4faa43cc596cbb659a273c8ca441eaa07cd5360db5bd1332de1dc9e3a1b5edd6
  • Size: 4KB
  • Sample: 230129-1chmjsde27
  • MD5: 50d438b50ebdb25b055b1f1615ddb8d2
  • SHA1: bb635be9c3e5ff8778aac9c87167046ebeefcbf6
  • SHA256: 4faa43cc596cbb659a273c8ca441eaa07cd5360db5bd1332de1dc9e3a1b5edd6
  • SHA512: 8918a9df9d96f21a0cc6684a67eb7db6f59bc49cd4382594ca7ab2533a3c541e451fef67c18ecbd0872080e7254dce2fc3e9d4272274fbb65e6430dabdb9312a
  • SSDEEP: 48:6oaAUyDFyChIYOwAFJ83LczguuGRFx955qBH:EQyUOa3LMgQHx9Dk

Malware Config

Extracted

  • Family: njrat
  • Version: 0.6.4
  • Botnet: Victime
  • C2: trip998877.hopto.org:1177
  • Mutex: a8e219248151eaf80194d2dc1b8a5945

Attributes

  • reg_key: a8e219248151eaf80194d2dc1b8a5945
  • splitter: |'|'|

Targets

    • Target: 4faa43cc596cbb659a273c8ca441eaa07cd5360db5bd1332de1dc9e3a1b5edd6
    • Size: 4KB
    • MD5: 50d438b50ebdb25b055b1f1615ddb8d2
    • SHA1: bb635be9c3e5ff8778aac9c87167046ebeefcbf6
    • SHA256: 4faa43cc596cbb659a273c8ca441eaa07cd5360db5bd1332de1dc9e3a1b5edd6
    • SHA512: 8918a9df9d96f21a0cc6684a67eb7db6f59bc49cd4382594ca7ab2533a3c541e451fef67c18ecbd0872080e7254dce2fc3e9d4272274fbb65e6430dabdb9312a
    • SSDEEP: 48:6oaAUyDFyChIYOwAFJ83LczguuGRFx955qBH:EQyUOa3LMgQHx9Dk

    Signatures

    • njRAT/Bladabindi: widely used RAT written in .NET.
    • Executes dropped EXE
    • Modifies Windows Firewall
    • Loads dropped DLL
    • Adds Run key to start application

MITRE ATT&CK Matrix ATT&CK v6

Persistence

  • Modify Existing Service (T1031): 1
  • Registry Run Keys / Startup Folder (T1060): 1

Defense Evasion

  • Modify Registry (T1112): 2
  • Install Root Certificate (T1130): 1

Discovery

  • System Information Discovery (T1082): 1

Tasks