General

  • Target

    Notpad.exe

  • Size

    39KB

  • Sample

    240228-2dywlafd86

  • MD5

    593f02ad15dbda4a76f7403b53e4c4dc

  • SHA1

    aa2d558b7dada115cb927d6c2a62b77f63137c19

  • SHA256

    a3e94a6f0006ecc2703d86b4de8528b270c60a9d3a0b6667c89487808d5009d0

  • SHA512

    59aa5047919bc4e48e8e479215e3b45e6272c17dff2ed111dfe2eaad07eebb03770dde72077bc9a36be386080fbb69d1733c045834c0527c284156cbad117410

  • SSDEEP

    768:VvARF98JTK48OqD7px5yjf8ckU4r5wL4Ei1vY+j0TqnihnabC:iRyKrLpx5UfA5wkEA90TqnsnabC

Malware Config

Extracted

  • Family

    njrat

  • Version

    Platinum

  • Botnet

    HacKed

  • C2

    127.0.0.1:666

  • Mutex

    notpad.exe

  • Attributes

      • reg_key

        notpad.exe

      • splitter

        |Ghost|

Targets

    • njRAT/Bladabindi

      Widely used RAT written in .NET.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Drops startup file

    • Executes dropped EXE

    • Adds Run key to start application
