General

  • Target

    afafd761fca3040ae84089f372eb0286

  • Size

    213KB

  • Sample

    240229-2xmyfaeh5z

  • MD5

    afafd761fca3040ae84089f372eb0286

  • SHA1

    6d0a5bba208083b4c6e57b2d2838f65430433dc9

  • SHA256

    ae06ff1285db97ae73168ea0984cbcfedfbbc33821b292e533d55415ff6bc3e8

  • SHA512

    b354d25fbaae1091b64e16b4204c4f4b3466394b17bb8d6608e312f62368a36f91735a5c17405255f251984bedbe21ba6fdd6c115cd45b5c244bab489eaba147

  • SSDEEP

    3072:6Jacj8v7wQ+ZGx7w8wjjP8I1IU8RjrzzvUWAOZjfKdLlYP:6JPgv7wJZ87wBjYI1IUwrIOZyCP

Malware Config

Extracted

  • Family

    njrat

  • Version

    0.6.4

  • Botnet

    Hacked

  • C2

    abdo95.ddns.net:1177

  • Mutex

    ed6e2bf930f6d35b3ac57c049d10ac2c

  • Attributes

    reg_key: ed6e2bf930f6d35b3ac57c049d10ac2c

    splitter: |'|'|

Targets

    • njRAT/Bladabindi

      Widely used RAT written in .NET.

    • Modifies Windows Firewall

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Drops startup file

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks