General

  • Target

    Client10.exe

  • Size

    93KB

  • Sample

    240301-yxmqwscg75

  • MD5

    d8f48341891ed36e7990196a16f1bb41

  • SHA1

    e4f1184c0acb5e170e3a30a312472211d049be39

  • SHA256

    d0cc330a55972ee0f77179d13ec506e203c5b37ccdba0a4c3fbcd9453926ccd5

  • SHA512

    4df57bb348f0ba670be5e23a327f0efdfc6fde5c5ce790969924328d29a335fb042cde555b8f7f5b6c61aab36dd9b2770b551871236915317255b48248f8662e

  • SSDEEP

    768:cY3/upD9O/pBcxYsbae6GIXb9pDX2b98PL0OXLeuXxrjEtCdnl2pi1Rz4Rk3GsG+:ruLOx6baIa9RPj00ljEwzGi1dDCDQgS

Malware Config

Extracted

  • Family

    njrat

  • Version

    0.7d

  • Botnet

    HacKed

  • C2

    hakim32.ddns.net:2000

    127.0.0.1:2225

  • Mutex

    0dad89d1b631c942c864ee3dff21ae1c

  • Attributes

    • reg_key

      0dad89d1b631c942c864ee3dff21ae1c

    • splitter

      |'|'|

Targets

    • Target

      Client10.exe

    • Size

      93KB

    • MD5

      d8f48341891ed36e7990196a16f1bb41

    • SHA1

      e4f1184c0acb5e170e3a30a312472211d049be39

    • SHA256

      d0cc330a55972ee0f77179d13ec506e203c5b37ccdba0a4c3fbcd9453926ccd5

    • SHA512

      4df57bb348f0ba670be5e23a327f0efdfc6fde5c5ce790969924328d29a335fb042cde555b8f7f5b6c61aab36dd9b2770b551871236915317255b48248f8662e

    • SSDEEP

      768:cY3/upD9O/pBcxYsbae6GIXb9pDX2b98PL0OXLeuXxrjEtCdnl2pi1Rz4Rk3GsG+:ruLOx6baIa9RPj00ljEwzGi1dDCDQgS

    • njRAT/Bladabindi

      Widely used RAT written in .NET.

    • Disables Task Manager via registry modification

    • Modifies Windows Firewall

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofencing check.

    • Drops startup file

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15