Resubmissions

22/08/2023, 20:18

230822-y3bwksgf7w 10

22/08/2023, 20:14

230822-y1c1vsgf61 10

22/08/2023, 20:09

230822-yxa24agf6s 1

General

  • Target

    https://disk.yandex.ru/d/f8BWX4x3KHjTYA

  • Sample

    230822-y1c1vsgf61

Malware Config

Extracted

  • Family

    njrat

  • Version

    im523

  • Botnet

    HacKed

  • C2

    6.tcp.eu.ngrok.io:13699

  • Mutex

    a2b359686b88b829e368bf9d7166f810

Attributes
  • reg_key

    a2b359686b88b829e368bf9d7166f810

  • splitter

    |'|'|

Targets

    • Target

      https://disk.yandex.ru/d/f8BWX4x3KHjTYA

    • njRAT/Bladabindi

      Widely used RAT written in .NET.

    • Modifies Windows Firewall

    • Drops startup file

    • Executes dropped EXE

    • Legitimate hosting services abused for malware hosting/C2
