General
-
Target
b8b3f7d84c7e47db900850a98648e225fa135f9ec59dcb1b6123c1ba2c701881
-
Size
385KB
-
Sample
240306-23l84abd87
-
MD5
4196a59f10b43921440543c917f554ca
-
SHA1
10bd8d5c3a4bb567e114cef625c1da913711b694
-
SHA256
b8b3f7d84c7e47db900850a98648e225fa135f9ec59dcb1b6123c1ba2c701881
-
SHA512
c9812503149aacd1b1bd9cf354570562e97518f3c614b5f7af93617266303a969f7970196c3a1ed785ffe68a68af2c8f9f72f00d33610d8cecf238409eb58e19
-
SSDEEP
384:pnc6CqbFYh3odrVCGiHssDB4b6i6fgpEupNXRmRvR6JZlbw8hqIusZzZr/jGZUwh:pcIU0tw3RpcnuAASoAeN/
Malware Config
Extracted
njrat
0.7d
SUPERAntiSpyware
speedrace.ddns.net:1337
52b9d4a87e4a68d91bb1d92c8b16d19a
-
reg_key
52b9d4a87e4a68d91bb1d92c8b16d19a
-
splitter
|'|'|
Targets
-
-
Target
b8b3f7d84c7e47db900850a98648e225fa135f9ec59dcb1b6123c1ba2c701881
-
Size
385KB
-
MD5
4196a59f10b43921440543c917f554ca
-
SHA1
10bd8d5c3a4bb567e114cef625c1da913711b694
-
SHA256
b8b3f7d84c7e47db900850a98648e225fa135f9ec59dcb1b6123c1ba2c701881
-
SHA512
c9812503149aacd1b1bd9cf354570562e97518f3c614b5f7af93617266303a969f7970196c3a1ed785ffe68a68af2c8f9f72f00d33610d8cecf238409eb58e19
-
SSDEEP
384:pnc6CqbFYh3odrVCGiHssDB4b6i6fgpEupNXRmRvR6JZlbw8hqIusZzZr/jGZUwh:pcIU0tw3RpcnuAASoAeN/
Score10/10-
njRAT/Bladabindi
Widely used RAT written in .NET.
-
Modifies Windows Firewall
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Create or Modify System Process
1Windows Service
1Privilege Escalation
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Create or Modify System Process
1Windows Service
1