General

  • Target

    aa0204ead1b751a640af20aa144e0fe6

  • Size

    263KB

  • Sample

    240227-yglhwsaa5s

  • MD5

    aa0204ead1b751a640af20aa144e0fe6

  • SHA1

    57e1b2e4b74a0eedcff6c956092aa286cf30bfa1

  • SHA256

    c649ee9f5c3b66c9fddea1e4b9f9384919d424e906d0d3959734fa58542130b3

  • SHA512

    6bfb4cb805d07e4a01584f13c286ef750fd595a1d9a9872bd22bfe92dee2f0ac43333b3c80614ba7f6a6084ba39051a774d2fac55238352d576fef8291e879d3

  • SSDEEP

    3072:9T6zcFjrcwawWyPsXbXrvFikDjOVwP6xsVFnjYhW4ENvgrCNMX+GYjTI7q/JRGb+:Z6z40xck4dkR1G

Malware Config

Extracted

Family

njrat

Version

im523

Botnet

HacKed

C2

127.0.0.1:1177

Mutex

c9408f8343e24fe38e795c047e0fb85f

Attributes
  • reg_key

    c9408f8343e24fe38e795c047e0fb85f

  • splitter

    |'|'|

Targets

    • njRAT/Bladabindi

      Widely used RAT written in .NET.

    • Modifies Windows Firewall
