General
-
Target
2c57307860d41e2fe4c63eff46610984
-
Size
79KB
-
Sample
231231-hnz2vscfc9
-
MD5
2c57307860d41e2fe4c63eff46610984
-
SHA1
fd4019909baf41a003cc105dd004d83bc21a6516
-
SHA256
4f00f70a815773e39b5b0f4d9c85213bd905035c13adcddb7760220fe6f9833e
-
SHA512
8c4e233c1d43bf2a8f59749f01049c72a9104d8ba84d067d57b142eb83879be2ccaa7fdadabecd8ebb2151c5f7e1b27bf3b0b8312e54124aeaf0400accb70f19
-
SSDEEP
1536:8iYlBSVqR3TblSkWbWvrrKY/Xg8cb7yYot4w:/YOObaCLg8cbXod
Behavioral task
behavioral1
Sample
2c57307860d41e2fe4c63eff46610984.exe
Resource
win7-20231129-en
Behavioral task
behavioral2
Sample
2c57307860d41e2fe4c63eff46610984.exe
Resource
win10v2004-20231215-en
Malware Config
Extracted
njrat
PISKA
53$79$73$74$65$6d$33$32
-
reg_key
53$79$73$74$65$6d$33$32
-
splitter
|-F-|
Targets
-
-
Target
2c57307860d41e2fe4c63eff46610984
-
Score
10/10
-
Modifies Windows Firewall
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
1
Registry Run Keys / Startup Folder
1
Create or Modify System Process
1
Windows Service
1