General

  • Target

    Neironka.exe

  • Size

    39KB

  • Sample

    240228-2cre5afd2t

  • MD5

    6d6279f8865426ea33d2453ec643c6d8

  • SHA1

    5ff7ae59215460ee4c3a48291dc5ec8f4b009a1d

  • SHA256

    abb16828f2ac53b4a92aa200510f07eafc2c1653c7623d311a8b1f51c005b7e3

  • SHA512

    938bbaa2f8f676d52bbcc899e4daaaa21f5d28a03b0d0544c3cd60813558dbcc523fc8d1a203f6e73d78ca97f88d35077af4c651efba8c7d7f9ac8bf549a0949

  • SSDEEP

    768:VvAyF9azf9PxaGfPf42ORzw7AeGSR30o+UJH9tE82Q80u6Yv6JMoJx7l++i9:iy6f9PgG3f91AeGSRL9m82Z0vJRx7l+X

Malware Config

Extracted

Family

njrat

Version

Platinum

Botnet

HacKed

C2

127.0.0.1:666

Mutex

notpad.exe

Attributes
  • reg_key

    notpad.exe

  • splitter

    |Ghost|

Targets

    • Target

      Neironka.exe

    • njRAT/Bladabindi

      Widely used RAT written in .NET.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Drops startup file

    • Executes dropped EXE

    • Adds Run key to start application
