General

  • Target

    Neironka.exe

  • Size

    39KB

  • Sample

    240228-2bw9zsfd43

  • MD5

    a91d2aaab4f36c0b1560082585b3bfbd

  • SHA1

    813a9a950fc8a323569261007ad9264c78e2689b

  • SHA256

    8256bf36ae9eebbea391992a4a86ada3a8f28804b66836c0e71efc70d8ba1d40

  • SHA512

    4b1306ed2982c49680d09a91867b6b1e4b0cc296ec4b0ac87a7a5ff8dc24738f4f67ed38b0284419c45109109209888a951ec2832da9bfc43299092cbf2b95fb

  • SSDEEP

    768:VvAmF9aizDb35MhhEWky2lZKpxybbRaP5Wo/29UfeYftQxZ:imxTyhhE5yoY4vRGz/290f6xZ

Malware Config

Extracted

  • Family

    njrat

  • Version

    Platinum

  • Botnet

    HacKed

  • C2

    127.0.0.1:6522

  • Mutex

    notpad.exe

Attributes
  • reg_key

    notpad.exe

  • splitter

    |Ghost|

Targets

    • njRAT/Bladabindi

      Widely used RAT written in .NET.

    • Drops startup file

    • Executes dropped EXE

    • Adds Run key to start application
