General

  • Target

    nikita_о (1).exe

  • Size

    91KB

  • Sample

    240204-qn5aksdabq

  • MD5

    09b4a05f909c61a665a2cef28e5446b9

  • SHA1

    8229819d49316ce151ce5a1297deae62e6ef8502

  • SHA256

    dbe98e518832e5c6611af2df7be37d7ba31a0e64bfdf2e2f0874fe8fe70181b0

  • SHA512

    776d2518db965bc53211283516b001a1a273647c6517a12fcc4e37ca74654b1a09ae19b70879918e33e875461f54630a39c8fde0476546f7075b6ce38cfa5537

  • SSDEEP

    1536:IH0RK+ufM3vdIXq7wnais4k6O7IFVR18pNv:20SM3vdIAWj5kIFVRqN

Score
10/10

Malware Config

Extracted

Family

njrat

C2

hakim32.ddns.net:2000

Targets

    • Target

      nikita_о (1).exe


    Score
    10/10
    • njRAT/Bladabindi

      Widely used RAT written in .NET.

    • Modifies Windows Firewall

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Drops startup file

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops autorun.inf file

      Malware can abuse Windows Autorun to spread further via attached volumes.

    • Drops file in System32 directory
