General

  • Target

    af7a066fd0f8019f24d87e5242cbc629

  • Size

    123KB

  • Sample

    240229-zzlr2scf3v

  • MD5

    af7a066fd0f8019f24d87e5242cbc629

  • SHA1

    c87326b2f5183e4db7a2847598454d5312487a0b

  • SHA256

    8439c9df064fdbfcae73b11a271f8b1e6f39d03a80fedd5872b15ca5a4d3a9f9

  • SHA512

    22b66434d06c62468e79628a7720134e033c72f9283a55b97c5a9a6ba04d063dd9a38d577e54f34659cebcbd7963b2559638e10d7f96edb18257aeccb7e60a77

  • SSDEEP

    3072:aX+UKi+caHs8qOHg4+s+NRBYVOgxrk0Pq:y2XHQCOgCm

Malware Config

Extracted

  • Family

    njrat

  • Version

    0.7d

  • Botnet

    HacKed

  • C2

    127.0.0.1:5552

  • Mutex

    279f6960ed84a752570aca7fb2dc1552

  • Attributes

    • reg_key

      279f6960ed84a752570aca7fb2dc1552

    • splitter

      |'|'|

Targets

    • Target

      af7a066fd0f8019f24d87e5242cbc629

    • Size

      123KB

    • njRAT/Bladabindi

      Widely used RAT written in .NET.

    • Modifies Windows Firewall

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application
