General

  • Target

    4ac97876e13ba932cc9f7c00173fd958.exe

  • Size

    37KB

  • Sample

    230323-m4jr2afb66

  • MD5

    4ac97876e13ba932cc9f7c00173fd958

  • SHA1

    1c84938b4cf33bb6f4fd2cd5bf4734fda614bb6c

  • SHA256

    1c6935c5622b81350dffeed2f9fcd6c43645f73bb88d697d927495f45d02411b

  • SHA512

    4ec6852d9883f9ef932755a39fba1877e410e458a534718c42e6558ff38420b779e807bd408ae41396b60cacc983290fb75e5a7f8897728efff26624f2c844c5

  • SSDEEP

    384:LmOs0IiejvCVLO309QmykrtG+dA+VCwvOSifrAF+rMRTyN/0L+EcoinblneHQM32:RFdGdkrgYUwWS0rM+rMRa8NuL3t

Malware Config

Extracted

Family

njrat

Version

im523

Botnet

HacKed

C2

5.tcp.eu.ngrok.io:12006

Mutex

f608a4eae87cfbfea6badcabc7c41ecd

Attributes
  • reg_key

    f608a4eae87cfbfea6badcabc7c41ecd

  • splitter

    |'|'|

Targets

    • Target

      4ac97876e13ba932cc9f7c00173fd958.exe

    Score
    10/10
    • njRAT/Bladabindi

      Widely used RAT written in .NET.

    • Modifies Windows Firewall

    • Legitimate hosting services abused for malware hosting/C2 (the configured C2 is an ngrok TCP tunnel, 5.tcp.eu.ngrok.io:12006, so the real operator address is hidden behind ngrok's relay)
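Added example, written for this page and not code from the sandbox, the report or the malware: it turns the extracted config above (splitter `|'|'|`, mutex, reg_key, C2 host/port, botnet tag) and the two behavioural signatures into checkable logic. It splits njRAT-style C2 payloads on the configured splitter, parses one frame under the length-prefixed `<decimal length>\x00<payload>` framing that public njRAT write-ups describe (an assumption; the report itself does not show traffic), and scans constructed endpoint/network events for the firewall exception (`netsh firewall add allowedprogram`, the usual njRAT command), the mutex, a Run-key value named after reg_key, and a connection to the ngrok C2. The sample events are constructed, not taken from the sandbox run.

```python
"""Added example for this report: not code from the sandbox or the malware.
Framing in parse_frame is ASSUMED from public njRAT write-ups."""
import re
from typing import Dict, List, Optional, Tuple

# Indicators copied verbatim from the extracted config above.
C2_HOST, C2_PORT = "5.tcp.eu.ngrok.io", 12006
MUTEX = "f608a4eae87cfbfea6badcabc7c41ecd"
REG_KEY = MUTEX            # reg_key carries the same value as the mutex here
SPLITTER = "|'|'|"
BOTNET = "HacKed"

# njRAT whitelists itself with netsh; matching the verb sequence instead of a
# full command line keeps the rule independent of the dropped file's path.
NETSH_ALLOW = re.compile(r"\bnetsh\b.*\bfirewall\b.*\badd\s+allowedprogram\b", re.I)


def split_fields(payload: str, splitter: str = SPLITTER) -> List[str]:
    """Split a decoded payload on the configured splitter. str.split is used
    deliberately: the splitter contains '|', so a naive re.split would treat
    it as alternation and split on every single character."""
    return payload.split(splitter)


def parse_frame(buf: bytes) -> Optional[Tuple[bytes, bytes]]:
    """Parse one frame of the form b'<decimal length>\\x00<payload>' (assumed
    framing). Returns (payload, unconsumed_rest), or None when the prefix is
    malformed or the payload is incomplete so the caller keeps buffering."""
    sep = buf.find(b"\x00")
    if sep <= 0 or not buf[:sep].isdigit():
        return None
    length = int(buf[:sep])
    body = buf[sep + 1:]
    if len(body) < length:
        return None
    return body[:length], body[length:]


def decode_beacon(buf: bytes) -> Optional[Dict[str, object]]:
    """Decode a frame into command, victim id and the remaining fields, and
    flag whether the victim id starts with this config's botnet tag
    ('HacKed_...'), the convention assumed here for njRAT victim ids."""
    parsed = parse_frame(buf)
    if parsed is None:
        return None
    payload, _rest = parsed
    fields = split_fields(payload.decode("utf-8", "replace"))
    victim = fields[1] if len(fields) > 1 else ""
    return {
        "command": fields[0],
        "victim_id": victim,
        "botnet_match": victim.startswith(BOTNET + "_"),
        "fields": fields,
    }


def classify_event(ev: Dict[str, str]) -> List[str]:
    """Return the indicator names one endpoint/network event matches."""
    hits: List[str] = []
    kind = ev.get("type")
    if kind == "process" and NETSH_ALLOW.search(ev.get("cmdline", "")):
        hits.append("firewall_exception_added")
    if kind == "mutex" and ev.get("name") == MUTEX:
        hits.append("njrat_mutex")
    if (kind == "registry"
            and ev.get("key", "").lower().endswith(r"\currentversion\run")
            and ev.get("value_name") == REG_KEY):
        hits.append("run_key_named_after_reg_key")
    if (kind == "network" and ev.get("dst_host", "").lower() == C2_HOST
            and int(ev.get("dst_port", "0")) == C2_PORT):
        hits.append("c2_ngrok_tunnel")
    return hits


def scan_events(events: List[Dict[str, str]]) -> List[Tuple[int, str]]:
    """Run classify_event over a list and return (event index, indicator) pairs."""
    return [(i, h) for i, ev in enumerate(events) for h in classify_event(ev)]


# Constructed sample telemetry (not from the sandbox run); the last event is benign.
SAMPLE_EVENTS: List[Dict[str, str]] = [
    {"type": "process",
     "cmdline": r'netsh firewall add allowedprogram "C:\Users\u\AppData\Roaming\server.exe" "server.exe" ENABLE'},
    {"type": "mutex", "name": MUTEX},
    {"type": "registry", "key": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run",
     "value_name": REG_KEY},
    {"type": "network", "dst_host": "5.tcp.eu.ngrok.io", "dst_port": "12006"},
    {"type": "network", "dst_host": "update.microsoft.com", "dst_port": "443"},
]

if __name__ == "__main__":
    for idx, hit in scan_events(SAMPLE_EVENTS):
        print(f"event {idx}: {hit}")
```

The ngrok match is keyed on the exact host and port from this config; for a fleet-wide rule you would broaden it to any `*.tcp.*.ngrok.io` destination from a non-developer host, since the hostname is shared relay infrastructure and the port changes per tunnel.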

MITRE ATT&CK Matrix (ATT&CK v6)

Tactic               Technique                 Count   ID
Persistence          Modify Existing Service   1       T1031
Command and Control  Web Service               1       T1102
