General

  • Target

    https://github.com/simalei/njRAT/releases/tag/v0.7D

  • Sample

    240223-zwawdaaa3z

Malware Config

Extracted

Family

njrat

Version

0.7d

Botnet

HacKed

C2

hakim32.ddns.net:2000

127.0.0.1:5552

Mutex

a2e4fedbad6ea827f955576851f35c79

Attributes

  • reg_key

    a2e4fedbad6ea827f955576851f35c79

  • splitter

    |'|'|

Targets

    • Target

      https://github.com/simalei/njRAT/releases/tag/v0.7D

    • njRAT/Bladabindi

      Widely used RAT written in .NET.

    • Disables Task Manager via registry modification

    • Modifies Windows Firewall

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Drops startup file

    • Executes dropped EXE

    • Drops autorun.inf file

      Malware can abuse Windows Autorun to spread further via attached volumes.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks