General

  • Target

    acb2fd14d13aaaad878671d171bebd14

  • Size

    216KB

  • Sample

    240228-yg4z8scd28

  • MD5

    acb2fd14d13aaaad878671d171bebd14

  • SHA1

    64bd51ffb881a2b3cf34e3a1dfaa9249680e7926

  • SHA256

    2e2c02a93104f2e41f1f47bf4102d2bfba61e020d1983fff4a30f7ba55921b30

  • SHA512

    e6f062b319e6f0f3176fd3cd349305ea6466d5b2b2b92bf8136dd0c2677e3494257ce11b13b156d93cc7395b6ecbfb116d3c34be2606c325828195b6d5f149b2

  • SSDEEP

    3072:jJacj8v7wQ+ZGx7w8wjjP8I1IU8RjrzzvUWAOZjfKdLCYP:jJPgv7wJZ87wBjYI1IUwrIOZylP

Malware Config

Extracted

Family

njrat

Version

0.6.4

Botnet

Hacked

C2

abdo95.ddns.net:1177

Mutex

ed6e2bf930f6d35b3ac57c049d10ac2c

Attributes
  • reg_key

    ed6e2bf930f6d35b3ac57c049d10ac2c

  • splitter

    |'|'|
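
The extracted config above gives the pieces needed to recognise this sample on the wire and on a host: the field splitter `|'|'|`, the botnet tag `Hacked` (njRAT prefixes the victim id with it), the C2 endpoint, and the reg_key value that doubles as the mutex name. The following Python is an added example, not code from the sandbox report or from the malware. It assumes njRAT's framing of each C2 message as an ASCII decimal length, a NUL byte and then the payload; the byte stream and the Run-key entries it parses are constructed to match that layout, not captured from this sample.

```python
"""Decode njRAT-style C2 traffic and hunt the persistence key for this sample.

Added example for the report above; it is not code from the sandbox or from
the malware. Assumptions made here: njRAT frames each message as an ASCII
decimal length, a NUL byte, then the payload, and separates fields inside the
payload with the configured splitter; the byte stream and registry entries
below are constructed to look like that, not captured from the sample.
"""
import re

# Values taken from the extracted config in the report.
SPLITTER = "|'|'|"
BOTNET = "Hacked"
C2 = ("abdo95.ddns.net", 1177)
REG_KEY = "ed6e2bf930f6d35b3ac57c049d10ac2c"   # also used as the mutex name

_LEN_PREFIX = re.compile(rb"(\d+)\x00")   # "<decimal length>\0" framing (assumed)


def split_frames(stream):
    """Return the payloads of all complete frames in a byte stream.

    Stops at the first truncated or malformed frame so a partial capture
    yields what it can instead of raising.
    """
    frames = []
    pos = 0
    while pos < len(stream):
        m = _LEN_PREFIX.match(stream, pos)
        if m is None:
            break
        length = int(m.group(1))
        start, end = m.end(), m.end() + length
        if end > len(stream):
            break
        frames.append(stream[start:end])
        pos = end
    return frames


def parse_payload(payload):
    """Split one payload into the command and its arguments on the splitter."""
    fields = payload.decode("latin-1").split(SPLITTER)
    return {"cmd": fields[0], "args": fields[1:]}


def find_registrations(stream):
    """Pick out 'll' registration frames and tag those carrying this botnet id."""
    hits = []
    for payload in split_frames(stream):
        msg = parse_payload(payload)
        if msg["cmd"] != "ll" or not msg["args"]:
            continue
        victim_id = msg["args"][0]
        hits.append({
            "victim_id": victim_id,
            "this_campaign": victim_id.startswith(BOTNET + "_"),
            "args": msg["args"],
        })
    return hits


def hunt_run_keys(entries):
    """Return Run-key entries whose value name or command line carries the reg_key."""
    return [(name, value) for name, value in entries
            if REG_KEY in name or REG_KEY in value]


def build_frame(payload):
    """Inverse of split_frames, used here only to construct sample traffic."""
    return str(len(payload)).encode() + b"\x00" + payload


# Constructed traffic: one registration and one active-window update, in the
# field layout njRAT clients are understood to use. Not captured from the sample.
SAMPLE_STREAM = (
    build_frame(SPLITTER.join([
        "ll", "Hacked_RDlCQkUzNUY=", "DESKTOP-TEST", "user", "24-02-28", "",
        "Win 7 Professional SP1", "No", "0.6.4", "..", "Untitled - Notepad",
    ]).encode())
    + build_frame(SPLITTER.join(["act", "Untitled - Notepad"]).encode())
    + b"12\x00truncated"   # deliberately cut short: must not raise
)

# Constructed Run-key entries as (value name, command line).
SAMPLE_RUN_KEYS = [
    ("OneDrive", r"C:\Users\user\AppData\Local\Microsoft\OneDrive\OneDrive.exe /background"),
    (REG_KEY, r'"C:\Users\user\AppData\Local\Temp\server.exe" ..'),
]

if __name__ == "__main__":
    for reg in find_registrations(SAMPLE_STREAM):
        print("registration from", reg["victim_id"], "campaign match:", reg["this_campaign"])
    for name, value in hunt_run_keys(SAMPLE_RUN_KEYS):
        print("persistence:", name, "->", value)
```

On a real capture, feed `split_frames` the reassembled TCP stream to `abdo95.ddns.net:1177` (the dynamic-DNS name should be resolved at triage time, since the IP will change); the parser deliberately stops at a truncated frame rather than raising, because partial reads are the norm in packet captures. The Run-key hunt matches on the reg_key from the config rather than on a file path, since the dropped file name varies between builds but the key/mutex value is fixed per sample.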

Targets

    • Target

      acb2fd14d13aaaad878671d171bebd14

    • njRAT/Bladabindi

      Widely used RAT written in .NET.

    • Modifies Windows Firewall

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Drops startup file

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with the UPX open-source packer or a modified variant of it.

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15