General

  • Target

    acbcd1620d163a6e6bab54e2147acacf

  • Size

    212KB

  • Sample

    240228-yvwk1scf2v

  • MD5

    acbcd1620d163a6e6bab54e2147acacf

  • SHA1

    07ac0a05d8646789052b5d6a8c4ef66b3eebe665

  • SHA256

    05f1cb306e643e55f3a92ef77635bd78258fb058283fb234e845592c5ce84c9c

  • SHA512

    70e4ef7b24bab9e86c6c5545d6afff0751b1c2240560a43f39b3b5d90816beabef645d039eb45d4da611495a66c838e044b7614de8da20aff7017954c2c99db0

  • SSDEEP

    3072:4Jacj8v7wQ+ZGx7w8wjjP8I1IU8RjrzzvUWAOZjfKdLOYP:4JPgv7wJZ87wBjYI1IUwrIOZyxP

Malware Config

Extracted

Family

njrat

Version

0.6.4

Botnet

Hacked

C2

abdo95.ddns.net:1177

Mutex

ed6e2bf930f6d35b3ac57c049d10ac2c

Attributes
  • reg_key

    ed6e2bf930f6d35b3ac57c049d10ac2c

  • splitter

    |'|'|
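As an added example (not part of the sandbox report and not the malware's own code), the Python below parses njRAT-style C2 traffic using the splitter from the extracted config and matches flow records against the extracted C2. Two things are assumptions rather than facts stated on this page: that each njRAT message is framed as an ASCII decimal length, a NUL byte and the payload, and that the first splitter-delimited field is a command keyword. All sample bytes are constructed.

```python
"""
Parse njRAT-style C2 framing and match flows against the config extracted
above. Assumed (not from the report): each message is '<decimal length>\x00<payload>'
and the first field is a command keyword. Sample traffic is constructed.
"""
from __future__ import annotations

import re

# Values taken from the extracted config on this page.
SPLITTER = b"|'|'|"
C2_HOST, C2_PORT = "abdo95.ddns.net", 1177

_LEN_RE = re.compile(rb"(\d+)\x00")


def frame(payload: bytes) -> bytes:
    """Encode one message in the assumed njRAT framing: length, NUL, payload."""
    return str(len(payload)).encode() + b"\x00" + payload


def parse_stream(stream: bytes) -> tuple[list[list[str]], bytes]:
    """Split a TCP stream into messages and each message into fields on SPLITTER.

    Returns (messages, leftover). leftover is non-empty when the stream ends in
    the middle of a frame (truncated capture, or a length prefix that lies);
    the parser hands those bytes back instead of guessing at them.
    """
    messages, pos = [], 0
    while pos < len(stream):
        m = _LEN_RE.match(stream, pos)
        if not m:
            break                       # not a length prefix: stop here
        length = int(m.group(1))
        start, end = m.end(), m.end() + length
        if end > len(stream):
            break                       # frame claims more bytes than we have
        payload = stream[start:end]
        messages.append([f.decode("utf-8", "replace") for f in payload.split(SPLITTER)])
        pos = end
    return messages, stream[pos:]


def is_njrat_like(stream: bytes, min_frames: int = 1) -> bool:
    """Heuristic: at least min_frames complete frames, each with a command plus one more field."""
    msgs, _ = parse_stream(stream)
    return len(msgs) >= min_frames and all(len(m) >= 2 for m in msgs)


def matches_c2(dst_host: str, dst_port: int) -> bool:
    """Flow/proxy-log check. The C2 is a DDNS name, so match the name, not a resolved IP."""
    return dst_host.lower().rstrip(".") == C2_HOST and dst_port == C2_PORT


# Constructed sample traffic: two well-formed frames followed by a truncated one.
MSG1 = SPLITTER.join([b"ll", b"Hacked_ABCD1234", b"WIN-LAB", b"Win 10", b"0.6.4"])
MSG2 = SPLITTER.join([b"inf", b"ping"])
SAMPLE_STREAM = frame(MSG1) + frame(MSG2) + b"40\x00ll" + SPLITTER + b"cut"

if __name__ == "__main__":
    msgs, rest = parse_stream(SAMPLE_STREAM)
    for m in msgs:
        print(m[0], m[1:])
    print("truncated bytes:", rest)
    print("C2 match:", matches_c2("abdo95.ddns.net", 1177))
```

The parser stops at the first frame it cannot complete rather than resynchronising, which avoids mis-parsing a payload that happens to contain digits and a NUL; on a live socket you would buffer the leftover and retry once more bytes arrive.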

Targets

    • Target

      acbcd1620d163a6e6bab54e2147acacf

    • njRAT/Bladabindi

      Widely used RAT written in .NET.

    • Modifies Windows Firewall

    • Checks computer location settings

      Looks up the country code configured in the registry; this is likely used as a geofence.

    • Drops startup file

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with UPX or a modified build of the open-source UPX packer.

    • Adds Run key to start application
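As an added example (not part of the sandbox report), the Python below applies host-side triage logic for three of the behaviours flagged above (Run key persistence, Windows Firewall modification, startup-folder drop) to constructed Sysmon-style events. Field names mirror Sysmon Event ID 1 (process create), 11 (file create) and 13 (registry value set); the event contents, paths and process names are made up for this page, and the reg_key value is the one from the extracted config.

```python
"""
Host-side triage for the persistence signatures above, over constructed
Sysmon-style events (EID 1 process create, 11 file create, 13 registry value set).
Events are made up for this page; REG_KEY comes from the extracted config.
"""
from __future__ import annotations

from dataclasses import dataclass

REG_KEY = "ed6e2bf930f6d35b3ac57c049d10ac2c"   # reg_key / mutex from the extracted config

RUN_KEY_MARKER = "\\microsoft\\windows\\currentversion\\run\\"
STARTUP_MARKER = "\\start menu\\programs\\startup\\"


@dataclass
class Event:
    event_id: int
    image: str                       # process that caused the event
    target_object: str = ""          # EID 13: registry value path; EID 11: created file
    details: str = ""                # EID 13: value data
    command_line: str = ""           # EID 1: full command line


def run_key_write(ev: Event) -> str | None:
    """EID 13 write under a Run key; a distinct name when the value name equals the extracted reg_key."""
    if ev.event_id != 13:
        return None
    path = ev.target_object.lower()
    if RUN_KEY_MARKER not in path:
        return None
    value_name = path.rsplit("\\", 1)[-1]
    return "run_key_extracted_reg_key" if value_name == REG_KEY else "run_key_write"


def firewall_exception(ev: Event) -> str | None:
    """EID 1: netsh used to allow a program (legacy 'firewall' and newer 'advfirewall' syntax)."""
    if ev.event_id != 1:
        return None
    cl = " ".join(ev.command_line.lower().split())
    if cl.startswith("netsh") and (
        "firewall add allowedprogram" in cl or "advfirewall firewall add rule" in cl
    ):
        return "netsh_firewall_allow"
    return None


def startup_drop(ev: Event) -> str | None:
    """EID 11: file created in a Start Menu Startup folder (per-user or all-users)."""
    if ev.event_id == 11 and STARTUP_MARKER in ev.target_object.lower():
        return "startup_folder_drop"
    return None


def triage(events: list[Event]) -> list[tuple[str, Event]]:
    """Run every rule over every event; return (rule_name, event) hits in input order."""
    hits = []
    for ev in events:
        for rule in (run_key_write, firewall_exception, startup_drop):
            name = rule(ev)
            if name:
                hits.append((name, ev))
    return hits


# Constructed events: the three flagged behaviours plus one benign Run key write.
RUN_ROOT = "HKU\\S-1-5-21-1\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\"
SAMPLE_EVENTS = [
    Event(13, "C:\\Users\\lab\\AppData\\Roaming\\server.exe",
          target_object=RUN_ROOT + REG_KEY,
          details='"C:\\Users\\lab\\AppData\\Roaming\\server.exe" ..'),
    Event(1, "C:\\Windows\\System32\\netsh.exe",
          command_line='netsh firewall add allowedprogram '
                       '"C:\\Users\\lab\\AppData\\Roaming\\server.exe" "server.exe" ENABLE'),
    Event(11, "C:\\Users\\lab\\AppData\\Roaming\\server.exe",
          target_object="C:\\Users\\lab\\AppData\\Roaming\\Microsoft\\Windows\\"
                        "Start Menu\\Programs\\Startup\\" + REG_KEY + ".exe"),
    Event(13, "C:\\Program Files\\Vendor\\updater.exe",
          target_object=RUN_ROOT + "VendorUpdater",
          details='"C:\\Program Files\\Vendor\\updater.exe" /background'),
]

if __name__ == "__main__":
    for name, ev in triage(SAMPLE_EVENTS):
        print(f"{name:28} {ev.image}")
```

The generic Run key rule will fire on legitimate software too, so it is kept separate from the reg_key match: the former is a lead to review, the latter is a direct indicator tied to this config.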

MITRE ATT&CK Enterprise v15
