General

  • Target

    sniif.Scr

  • Size

    816KB

  • Sample

    240127-tsrrtshdcl

  • MD5

    307e9f20e28312dc72fcef348272b97d

  • SHA1

    64c755cc253d2bd8db2aeb9968070a3150625a45

  • SHA256

    94bc5f862a6a4b71ba591c3ab18bb08ea68907cd28667659e107d9c8c8e41b28

  • SHA512

    cbef748a6e406e2203f7d05d1eef140a84541520c21d816cf8b75171a79de60655e19be3c4c199f05e4c9c520e878f0e4e33adfe91cb8dbd99e1655b2406ba12

  • SSDEEP

    3072:I1QYi9bcppwFZaa38xU7LPs30r6/R6aEmay8VU7LPs30r6/R6aEPU6LgXH:Lj9bcza38xoCay8Vo7Up

Malware Config

Extracted

  • Family

    njrat

  • Version

    v2.0

  • Botnet

    HacKed By RqEb ;)

  • C2

    17.ip.gl.ply.gg:46398

  • Mutex

    Windows

Attributes
  • reg_key

    Windows

  • splitter

    |-F-|

Targets

    • njRAT/Bladabindi

      Widely used RAT written in .NET.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Drops startup file

    • Executes dropped EXE
