General

  • Target

    af290b8ff78113678bd4828d9e446ad6

  • Size

    455KB

  • Sample

    240229-w1b3fsgg5z

  • MD5

    af290b8ff78113678bd4828d9e446ad6

  • SHA1

    68581f15f701792ef96e95bbfce8b072648b9a70

  • SHA256

    7cbea2906a3099a25b10fd3019a29a5b0f811181e99615dac59c807ff38f6a7a

  • SHA512

    9d895d28271bf392b0294eff8af6415a9d31683c848515ea1079f5612ea807ade6e22e58fe7bc3636a3238c68e2e0aaae49505629cecc02d7eb14eaddd456f05

  • SSDEEP

    6144:tdwYPCCUKFZbWo5xCQ70ThcE6f7fAwHLDjWoGhX1rv:tFfyEAqAp

Malware Config

Extracted

Family

njrat

Version

0.7d

Botnet

HacKed

C2

doza122.con-ip.com:5552

Mutex

84398377c5556d3df54a82be74cfa960

Attributes
  • reg_key

    84398377c5556d3df54a82be74cfa960

  • splitter

    |'|'|

Targets

    • njRAT/Bladabindi

      Widely used RAT written in .NET.

    • Modifies Windows Firewall

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Drops startup file

    • Executes dropped EXE

    • Adds Run key to start application
