General
-
Target
Server.exe
-
Size
37KB
-
Sample
231226-s55c1seccl
-
MD5
c5dafabbdca106e67d5cb84874c23303
-
SHA1
8126ac3e70aafc5ba501f2d8377693f481501254
-
SHA256
89a98267e8ef044b4863140f7b4457e76a8164bc7e0f584888d86e4b7705154f
-
SHA512
764e45ed7f76df058cf74925538b0407a8c0ccc6912a91777621fca59e49c9ec5166ed113ee138a1a14f2747b6a24eafbfa6b66ae4881cd73d3effe1fa23b38a
-
SSDEEP
384:PHjZBj6icrri5Z7JAyk/o4YPTvZeKgdSrAF+rMRTyN/0L+EcoinblneHQM3epzXb:/jnHJ7k/o4YjZ7gUrM+rMRa8NuxBt
Behavioral task
behavioral1
Sample
Server.exe
Resource
win7-20231215-en
Behavioral task
behavioral2
Sample
Server.exe
Resource
win10v2004-20231215-en
Malware Config
Extracted
njrat
im523
every-unnecessary.gl.at.ply.gg:41021
4f13e39aa6ceed1b416727928cf46f71
-
reg_key
4f13e39aa6ceed1b416727928cf46f71
-
splitter
|'|'|
Targets
-
Target
Server.exe
Score
10/10
-
Modifies Windows Firewall
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Drops autorun.inf file
Malware can abuse Windows Autorun to spread further via attached volumes.
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution: 1
Registry Run Keys / Startup Folder: 1
Create or Modify System Process: 1
Windows Service: 1