Resubmissions

26-08-2023 19:03   230826-xqhypacf65   8
26-08-2023 18:13   230826-wtzvyaec51   1
26-08-2023 18:03   230826-wm93bscd95   10
26-08-2023 18:03   230826-wm463sec3w   1
26-08-2023 18:00   230826-wlsfwscd78   10
26-08-2023 11:10   230826-m94z6ahf86   10
26-08-2023 11:04   230826-m6lz6sbe7t   10

General

  • Target

    http://t.me/excellent_stalcraft

  • Sample

    230826-wm93bscd95

Malware Config

Extracted

Family: njrat

Version: 0.7d

Botnet: mamasita

C2:

  • hakim32.ddns.net:2000

  • ago-shopper.gl.at.ply.gg:33932

Mutex: e9b5d9adb3bd2d12b3b209e6217534e3

Attributes

  • reg_key

    e9b5d9adb3bd2d12b3b209e6217534e3

  • splitter

    |'|'|

Targets

    • Target

      http://t.me/excellent_stalcraft

    • njRAT/Bladabindi

      Widely used RAT written in .NET.

    • Modifies Windows Firewall

    • Drops startup file

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Drops autorun.inf file

      Malware can abuse Windows Autorun to spread further via attached volumes.
