General

  • Target

    a88675b6bd37faff8ac76d0b3dd15cca

  • Size

    27KB

  • Sample

    240227-htwxdsbe5t

  • MD5

    a88675b6bd37faff8ac76d0b3dd15cca

  • SHA1

    acca891f9da218eaee8cc79ad22909efba3575a6

  • SHA256

    d628e7a54d5069605f2e2b3226818d2f3343973b87e1e4a15943c9792e7f1d97

  • SHA512

    c671cadd2e649a4ee46f4020134b7129818582c1baf8253b70a29214e85da03710d59761a641339697152adad0e23aea5e5cdd42f59c91fe7f94c153783c2dd9

  • SSDEEP

    384:TLMi5SRvT/nmgEiKB5jHw/SORsP5emgMlAQk93vmhm7UMKmIEecKdbXTzm9bVhcf:3MOdt5oYlA/vMHTi9bD

Malware Config

Extracted

Family

njrat

Version

v2.0

Botnet

HacKed

C2

sific227asmm.ddns.net:1194

Mutex

Windows

Attributes
  • reg_key

    Windows

  • splitter

    |-F-|

Targets

    • Target

      a88675b6bd37faff8ac76d0b3dd15cca

    • Size

      27KB

    • MD5

      a88675b6bd37faff8ac76d0b3dd15cca

    • SHA1

      acca891f9da218eaee8cc79ad22909efba3575a6

    • SHA256

      d628e7a54d5069605f2e2b3226818d2f3343973b87e1e4a15943c9792e7f1d97

    • SHA512

      c671cadd2e649a4ee46f4020134b7129818582c1baf8253b70a29214e85da03710d59761a641339697152adad0e23aea5e5cdd42f59c91fe7f94c153783c2dd9

    • SSDEEP

      384:TLMi5SRvT/nmgEiKB5jHw/SORsP5emgMlAQk93vmhm7UMKmIEecKdbXTzm9bVhcf:3MOdt5oYlA/vMHTi9bD

    • njRAT/Bladabindi

      Widely used RAT written in .NET.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Drops startup file

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks