General

  • Target

    bRce.exe

  • Size

    23KB

  • Sample

    231031-ep773sae26

  • MD5

    37bbdd80623474e7b479915629b4346e

  • SHA1

    a6ce0e8167530a7fdd57243a1fa551364e0e1943

  • SHA256

    7b98971fec556ad5d6e994853395525da068c2f3e1cfd92b6388c37934e14533

  • SHA512

    498160664478a1d134ee0ef1574ae1367c222f435bbf631566234ff5ed96b95fef1b7d9ce599e7c4ffc733fd2fd89e7ec971879e2beac51b51c0eb41b0a6bd9c

  • SSDEEP

    384:GcqbCK0l4h7o9SVyDGvENuh46/gJkOmMSW38mRvR6JZlbw8hqIusZzZRsYC:J30py6vhxaRpcnu0hC

Malware Config

Extracted

  • Family

    njrat

  • Version

    0.7d

  • Botnet

    Lammer

  • C2

    181.217.95.27:1024

  • Mutex

    745fb02f1b6366ca13f958bd219cc7b3

Attributes
  • reg_key

    745fb02f1b6366ca13f958bd219cc7b3

  • splitter

    |'|'|

Targets

    • Target

      bRce.exe

    Score
    10/10
    • njRAT/Bladabindi

      Widely used RAT written in .NET.

    • Modifies Windows Firewall

    • Drops startup file

MITRE ATT&CK Matrix (ATT&CK v13)

Persistence

  • Create or Modify System Process (T1543): 1

    • Windows Service (T1543.003): 1

Privilege Escalation

  • Create or Modify System Process (T1543): 1

    • Windows Service (T1543.003): 1

Tasks