General

  • Target

    Server.exe

  • Size

    40KB

  • Sample

    240229-xcvekahb6x

  • MD5

    d1daf0ac679059148648909a00fcd516

  • SHA1

    c3a5721be94d8b0399059de0b22ab9490f7e9fb6

  • SHA256

    97c92990e38fb05719839a6ff4c375bf20f41b1d0317a424d1cad2920ec6613b

  • SHA512

    1e4639c23bad25d6273bfb489c839f2673159dfd64443faaf8a692ad19b9346d415121c6489dee66dd305b59971bfed844a4d38aefb272f65486ecd780ea5ff0

  • SSDEEP

    384:mMKCWZ5xTAcZeMiO7k9zW067vgdTmZFDLRmRvR6JZlbw8hqIusZzZrxawiox9wYt:haZrF77boRpcnuuFiZh

Malware Config

Extracted

  • Family

    njrat

  • Version

    0.7d

  • Botnet

    HacKed

  • C2

    127.0.0.1:5552

  • Mutex

    984559f52d4087243e95e5ad9bb48e8d

  • Attributes

      • reg_key

        984559f52d4087243e95e5ad9bb48e8d

      • splitter

        |'|'|

Targets

    • njRAT/Bladabindi

      Widely used RAT written in .NET.

    • Modifies Windows Firewall

    • Drops startup file

    • Adds Run key to start application
