General

  • Target

    b747c6b460e7889f3749558f5ff1de40.exe

  • Size

    37KB

  • Sample

    240202-tmvarscchq

  • MD5

    b747c6b460e7889f3749558f5ff1de40

  • SHA1

    0429b693074333b3868999bf729de51b4a99e9fd

  • SHA256

    353997f259516820edcbc36cca00b2cef38392d772590000178f15e048d5283c

  • SHA512

    e662fdd67904f77827e5bc5d0df3948ed8c84adea67fee92496a818e55a02e00449290a14048af7c0bd6725fff4ad6fec80ce2301e42fb4fecd36b812fff8997

  • SSDEEP

    384:9niFqiUF54NLHdayszHdiPZDs2+TZrAF+rMRTyN/0L+EcoinblneHQM3epzXtNC+:8PZdJszHdiRV+NrM+rMRa8Nu7/t

Malware Config

Extracted

Family

njrat

Version

im523

Botnet

ANtiloseX2

C2

6.tcp.eu.ngrok.io:11080

Mutex

88227111e3dea4cf10bf06162c93a0b9

Attributes
  • reg_key

    88227111e3dea4cf10bf06162c93a0b9

  • splitter

    |'|'|
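The splitter and botnet name above are the two config values that show up on the wire: njRAT frames each C2 message as an ASCII decimal length, a NUL byte and the payload, and separates the command from its arguments with the configured splitter. The parser below is an added example written for this page, not code from the sample or from the sandbox vendor. It uses the splitter, botnet name, version and C2 endpoint from the extracted config; the framing, the `ll` registration and `P` keepalive command names, the field order of the registration message, the hardware id and the sample traffic are all constructed from public njRAT 0.7 analyses and are assumptions, not values observed for this sample.

```python
import base64
from typing import List, NamedTuple, Optional

# Values taken from the extracted config on this page.
SPLITTER = b"|'|'|"
C2_HOST, C2_PORT = "6.tcp.eu.ngrok.io", 11080
BOTNET = "ANtiloseX2"
VERSION = b"im523"


class NjMessage(NamedTuple):
    command: str
    fields: List[bytes]


def frame(payload: bytes) -> bytes:
    """Wrap a payload in njRAT's '<decimal length>\\x00<payload>' framing (assumed format)."""
    return str(len(payload)).encode() + b"\x00" + payload


def parse_stream(data: bytes, splitter: bytes = SPLITTER) -> List[NjMessage]:
    """Split a TCP byte stream into njRAT messages.

    Each message is an ASCII decimal length, a NUL byte, then exactly that many
    payload bytes; inside the payload the command and its arguments are joined
    by the splitter. Messages that are complete are returned; a truncated
    trailing message is left for the next read rather than guessed at, and a
    stream that is not njRAT framing yields an empty list.
    """
    out: List[NjMessage] = []
    pos = 0
    while pos < len(data):
        nul = data.find(b"\x00", pos)
        if nul == -1 or not data[pos:nul].isdigit():
            break  # not njRAT framing, or a partial length prefix
        length = int(data[pos:nul])
        start, end = nul + 1, nul + 1 + length
        if end > len(data):
            break  # incomplete message: wait for more bytes
        parts = data[start:end].split(splitter)
        out.append(NjMessage(parts[0].decode("latin-1"), parts[1:]))
        pos = end
    return out


def victim_id(message: NjMessage) -> Optional[str]:
    """Decode the victim id of a registration ('ll') message.

    Assumption (from public njRAT 0.7 analyses): the first field of 'll' is
    base64('<campaign>_<hardware id>'), so the campaign equals the botnet name.
    """
    if message.command != "ll" or not message.fields:
        return None
    try:
        return base64.b64decode(message.fields[0], validate=True).decode("latin-1")
    except (ValueError, UnicodeDecodeError):
        return None


def is_sample_beacon(message: NjMessage, botnet: str = BOTNET) -> bool:
    """True when a registration message names this page's campaign."""
    vid = victim_id(message)
    return vid is not None and vid.split("_", 1)[0] == botnet


# Constructed sample traffic (not a real capture): one registration message
# followed by one keepalive, concatenated as they would arrive on one socket.
HWID = "0123ABCD"  # stand-in for the volume-serial-derived hardware id
REGISTRATION = SPLITTER.join([
    b"ll",
    base64.b64encode(f"{BOTNET}_{HWID}".encode()),
    b"WIN-LAB01",            # computer name (constructed)
    b"analyst",              # user name (constructed)
    b"24-02-02",             # install date (constructed)
    b"",                     # empty field
    b"Win 10 Pro SP0 x64",   # OS string (constructed)
    b"No",                   # webcam present
    VERSION,                 # version from this page's config
])
SAMPLE_STREAM = frame(REGISTRATION) + frame(b"P")

if __name__ == "__main__":
    for msg in parse_stream(SAMPLE_STREAM):
        print(msg.command, len(msg.fields), victim_id(msg), is_sample_beacon(msg))
```

Run this against a PCAP by feeding `parse_stream` the reassembled client-to-server bytes of any TCP session to `C2_HOST:C2_PORT`; because the ngrok hostname resolves to shared infrastructure, match on the registration message and botnet name rather than on the destination address alone.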

Targets

    • Target

      b747c6b460e7889f3749558f5ff1de40.exe

    • Size

      37KB

    • MD5

      b747c6b460e7889f3749558f5ff1de40

    • SHA1

      0429b693074333b3868999bf729de51b4a99e9fd

    • SHA256

      353997f259516820edcbc36cca00b2cef38392d772590000178f15e048d5283c

    • SHA512

      e662fdd67904f77827e5bc5d0df3948ed8c84adea67fee92496a818e55a02e00449290a14048af7c0bd6725fff4ad6fec80ce2301e42fb4fecd36b812fff8997

    • SSDEEP

      384:9niFqiUF54NLHdayszHdiPZDs2+TZrAF+rMRTyN/0L+EcoinblneHQM3epzXtNC+:8PZdJszHdiRV+NrM+rMRa8Nu7/t

    • njRAT/Bladabindi

      Widely used RAT written in .NET.

    • Modifies Windows Firewall

    • Drops startup file

    • Adds Run key to start application

    • Legitimate hosting services abused for malware hosting/C2

    • Drops autorun.inf file

      Malware can abuse Windows Autorun to spread further via attached volumes.

MITRE ATT&CK Enterprise v15

Tasks