General

  • Target

    add8f6dd03aacc83d719d518343a9e3b150b6e23392c491c3ace8362b1c52740

  • Size

    1.4MB

  • Sample

    240229-gmd8bsgd2v

  • MD5

    0c60b1a48eede7936f7e894984766628

  • SHA1

    7ce52feaf3ecaf0ad52221cc9459f899b815716e

  • SHA256

    add8f6dd03aacc83d719d518343a9e3b150b6e23392c491c3ace8362b1c52740

  • SHA512

    488ed390795687d7ada4cce0dd6e37c15bd90ac931f4cd8c1303fd45cc1d0f232e4000e3266c10b952b48fd4487ffae2d9dd6ff3f6c782b51b032e59e3fadef3

  • SSDEEP

    24576:FxyPk6UTjOGV47qLLqD05TI2IaQb1R6Y7thybXWlGuWtEQh6lbts4ibHKl3pRNk/:O86UTjOk8qqD05iKXWqh6lbtKbW32dg1

Malware Config

Extracted

  • Family

    njrat

  • Version

    im523

  • Botnet

    HacKed

  • C2

    homepage-allah.gl.at.ply.gg:30710

  • Mutex

    4b5a58d27ce956d0deaa59c0a6172b2c

Attributes
  • reg_key

    4b5a58d27ce956d0deaa59c0a6172b2c

  • splitter

    |'|'|

Targets

    • Target

      add8f6dd03aacc83d719d518343a9e3b150b6e23392c491c3ace8362b1c52740

    • njRAT/Bladabindi

      Widely used RAT written in .NET.

    • Modifies Windows Firewall

    • Executes dropped EXE

    • Adds Run key to start application
