Resubmissions

04/02/2024, 15:51

240204-tasamsfefn 10

General

  • Target

    nursultan.exe

  • Size

    37KB

  • Sample

    240204-tasamsfefn

  • MD5

    9c329f869ba50f855982802a1eaecb07

  • SHA1

    26b54686e6a409b69a148f578c09ca63130032d7

  • SHA256

    62e96f36aeb5832a9928eb22929e4e63f0ee73e91c33b9ca0d8a65e6955786ac

  • SHA512

    e3d5c3170648d9a88d08995a9aaa3b34a038861e36699ae73431383224a21d710174d3f7a358f81f5876caff38375d6ee6e86e1e29d8fc48e0c1d873bffc2dca

  • SSDEEP

    384:VrejKicgMjn5xL5oyUi8Wn1ejvfP4YicderAF+rMRTyN/0L+EcoinblneHQM3ep7:le2f5DUi8Aejv41cgrM+rMRa8NuQOt

Malware Config

Extracted

Family

njrat

Version

im523

Botnet

skillissuebro

C2

0.tcp.eu.ngrok:1704

io:1704

Mutex

815009731eb883dd4c0149a5fafef665

Attributes
  • reg_key

    815009731eb883dd4c0149a5fafef665

  • splitter

    |'|'|

Targets

    • Target

      nursultan.exe

    • njRAT/Bladabindi

      Widely used RAT written in .NET.

    • Modifies Windows Firewall

    • Drops startup file

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Drops autorun.inf file

      Malware can abuse Windows Autorun to spread further via attached volumes.
