Resubmissions

05-03-2023 10:32  230305-mk95wagc54  10
26-02-2023 16:19  230226-tstleshc4z  10
26-02-2023 16:16  230226-tq2t1shc4s  10
26-02-2023 16:07  230226-tk2bashd66  10
26-02-2023 15:50  230226-taa2cshb61  10
26-02-2023 15:19  230226-sqhwgahc64  10

General

  • Target: ChatgptHelper.bin.zip
  • Size: 16KB
  • Sample: 230226-tstleshc4z
  • MD5: 08480329b811e7d893d69964f42d04e7
  • SHA1: a6749bd149d476ecfd0ac7453d9bfeae39579325
  • SHA256: 21373a6d949a357dd7cab0df39490d440415d0887316430771923547f65a349c
  • SHA512: 79180bd8711e70feae33050423092e0be2f8b39390db493a81e5361c5283a7c34a29780d097a2b56d9c3a6b4cdc513259118ad4152ee8e75b2e8aba9f62c3570
  • SSDEEP: 384:wHIDNXyAoto5djCYNTq7OAZVTvWuK/sHpHLgD7jGMb5YAlbQ:wyNXyudm7O4Tuf8ponXZQ

Malware Config

Extracted

Family: njrat
Version: im523
Botnet: HacKed
C2: 7.tcp.eu.ngrok.io:19698
Mutex: 330867499299d35c5dff831d5c393122

Attributes
  • reg_key: 330867499299d35c5dff831d5c393122
  • splitter: |'|'|

Targets

    • Target: ChatgptHelper.bin
    • Size: 36KB
    • MD5: b50645ca6885b8f2dfd3571eae7afd1e
    • SHA1: 2bc22b2fe4b75825deff008634390661b7802de5
    • SHA256: 2a03b714a7d8a52e79746c1bb5fd0a08615f526d6390272d5678fa452846840a
    • SHA512: cd7eb7f8bbd4d3b30d7fd3d51f57f2202dbd3949463ec225df6b5c4c64f3cad9bb0f4e173c996cfde570877edf23600937ca5eaba8180083d92d9c83019338c0
    • SSDEEP: 384:of+Nb7LsikZ9zNf/1uyU71evdjsOaP0rAF+rMRTyN/0L+EcoinblneHQM3epzX4F:lNf4l1lU71e9FacrM+rMRa8Nu2Pt

    • njRAT/Bladabindi

      Widely used RAT written in .NET.

    • Disables Task Manager via registry modification

    • Modifies Windows Firewall

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Drops startup file

    • Executes dropped EXE

    • Uses the VBS compiler for execution

    • Adds Run key to start application

    • Legitimate hosting services abused for malware hosting/C2

    • Program crash

MITRE ATT&CK Enterprise v6

Tasks