General

  • Target

    e04e9973416af74dd6b72139b2a8d1a7

  • Size

    214KB

  • Sample

    240327-ahr53aae31

  • MD5

    e04e9973416af74dd6b72139b2a8d1a7

  • SHA1

    70c8c90c0ddaca4d664fa953bc967c9937d2bf70

  • SHA256

    68cc8e4ec9e846618c0e2fb02fcd9673fc8aa3643de94e6894a17c2e7ea903d6

  • SHA512

    3a6116d5e20662a52686cffa046d48e5b57385537e584ec881cab2c164b6520330b17f563a9ac37534b254f24feb1821f6aa5abeddeadf19b2e0bb6286b81526

  • SSDEEP

    1536:Tw8PflA1YbXmIjlTQGIE5Dw8PflA1YbXmIjlTQGIE5e:e

Score
10/10

Malware Config

Extracted

Family

njrat

Version

v2.0

Botnet

123456

C2

new.libya2020.com.ly:1515

Mutex

Windows

Attributes
  • reg_key

    Windows

  • splitter

    |-F-|

Targets

    • njRAT/Bladabindi

      Widely used RAT written in .NET.

    • Drops startup file

    • Suspicious use of SetThreadContext
