General

  • Target

    123acf74540b652a549c5d664b627663.exe

  • Size

    93KB

  • Sample

    230319-s7mkzsha46

  • MD5

    123acf74540b652a549c5d664b627663

  • SHA1

    57a8230ac3fa6fe42a563c3355aa0512f4939098

  • SHA256

    a7a1f3e3bfc8abc1006276f3cb3bdaa1ff697b9fde421d6d2a181165db11377e

  • SHA512

    95a94265a64087fe37e22d47a8f11499a036f9f8d949d83f86ac1af02267c83765c5bdc1ab53cb4ee9ed7db41bda854b2ee9931611a82e911e0b5317a44d1c19

  • SSDEEP

    768:rY30UBnkpjTMpALPGMtsas88EtNXhe9Y1mxCXxrjEtCdnl2pi1Rz4Rk3asGdpxgM:lURkVbPGHz88EbB1pjEwzGi1dDWDxgS

Malware Config

Extracted

  • Family

    njrat

  • Version

    0.7d

  • Botnet

    HacKed

  • C2

    YXJ0LW5vdmVsdHkuYXQucGx5Lmdn:MjU1NjU=

  • Mutex

    8a45c8c850efba42d799d8b1b94ad051

Attributes
  • reg_key

    8a45c8c850efba42d799d8b1b94ad051

  • splitter

    |'|'|

Targets

    • njRAT/Bladabindi

      Widely used RAT written in .NET.

    • Modifies Windows Firewall

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

MITRE ATT&CK Matrix ATT&CK v6

Persistence

  • Modify Existing Service (T1031): 1

Discovery

  • Query Registry (T1012): 1

  • System Information Discovery (T1082): 2
