njrat | 2769155d033b0441b80165f00a126db615ba18046ae0a952c9d145ee4ce1b0ae

Sharing

Copy URL

Twitter E-mail

General

Target

2769155d033b0441b80165f00a126db615ba18046ae0a952c9d145ee4ce1b0ae
Size

371KB
Sample

240410-h7139sag7v
MD5

8f1af8760a7dfd7571a19bc74a9960b3
SHA1

b5ed4d1cb148709e77d88b917ffdd858153c14ca
SHA256

2769155d033b0441b80165f00a126db615ba18046ae0a952c9d145ee4ce1b0ae
SHA512

23225e5164333abcc31a829136f2287f684b27ac2e33cd2cba0cea853bac9a92e1087dd43878440d433f643d3718110d73fbf7575403652d5490f2c5cf496f1c
SSDEEP

6144:9PCganNFIuaTlVKeKUaHXtt16TbFa4YjsVyG9DBeslx5EUyDjWoGwcyZQDQxmEjo:janAua5seraHXZ6H0G9DBew6Djm5DFEU

Score

10^/10

Malware Config

Extracted

Family

njrat

Version

0.7.3

Botnet

sep-04-2020

npspwrap.duckdns.org:2756

Mutex

Client.exe

Attributes

reg_key
Client.exe
splitter
ultimate

Targets

- Target
  
  2769155d033b0441b80165f00a126db615ba18046ae0a952c9d145ee4ce1b0ae
- Size
  
  371KB
- MD5
  
  8f1af8760a7dfd7571a19bc74a9960b3
- SHA1
  
  b5ed4d1cb148709e77d88b917ffdd858153c14ca
- SHA256
  
  2769155d033b0441b80165f00a126db615ba18046ae0a952c9d145ee4ce1b0ae
- SHA512
  
  23225e5164333abcc31a829136f2287f684b27ac2e33cd2cba0cea853bac9a92e1087dd43878440d433f643d3718110d73fbf7575403652d5490f2c5cf496f1c
- SSDEEP
  
  6144:9PCganNFIuaTlVKeKUaHXtt16TbFa4YjsVyG9DBeslx5EUyDjWoGwcyZQDQxmEjo:janAua5seraHXZ6H0G9DBew6Djm5DFEU
Score

10^/10

njrat sep-04-2020 trojan
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- Loads dropped DLL
behavioral1 behavioral2
- Target
  
  $APPDATA/24/remind/domains/SERVERLib.dll
- Size
  
  4KB
- MD5
  
  4be1885f7693f3734efab71da9aea77c
- SHA1
  
  35166be477e9a3d2c061537b1ab9a5e704a37d51
- SHA256
  
  e981bfa9d985da036fffe19905dcf7d607d8037f65c5f36999dd32c71a2c7e04
- SHA512
  
  c1c9aef14a181b7b414cadd12b493c041fea084a61089a459c13963845d83c82722a36abeb1ad38c3774343fd3a11f52f1c6cf2926a0aa4bfd7a32d0151223ed
Score

1^/10
behavioral3 behavioral4
- Target
  
  $APPDATA/24/remind/domains/aspnetregbrowsers.exe
- Size
  
  13KB
- MD5
  
  a394c927a7ad7befdf7136144232a13a
- SHA1
  
  cc95d2160686c7d95cfb5334fb83eac5fd176cb4
- SHA256
  
  59146d16e5a1b9c2e47eb1447e6ae2fa403c4182107e893a7cf33c81e8023a54
- SHA512
  
  4938539bab4e257a57c9b336fae979ce91cf1f30dbfcaae2c164bb44c85a130c7a85ffe19f6007b1c75e6a77e5abb4948e1ca8c2a9817cf8fdafe2ae0bfbf3fc
- SSDEEP
  
  192:jowEhZpVUjCZKb338cV/pqlFOxWFlhm4QSXoOx0x6EpWeNHJW/:jowEhdUjtNwEgFrSSXHirpWKHJW
Score

1^/10
behavioral5 behavioral6
- Target
  
  $APPDATA/24/remind/domains/lregdll.dll
- Size
  
  10KB
- MD5
  
  abb5327b536728af743f5ec484e5699f
- SHA1
  
  e9bfc702e574db897740f2d731a7e0993d80a55f
- SHA256
  
  9ec4c2b05238e0fe4e5811c0d237d437dcc99ee9cdcb02765dc00659423b26d3
- SHA512
  
  c5372244db1db0c581ffcceb19401e6abbd4d92c7bb2ef6fdc5c7cebc7a3a13bbcb2cd6e882e89841170824556bf959d0f85bc7a95031d5c32803809167d5350
- SSDEEP
  
  192:OknPG2jjRfI3X6626vrkok6RXYW1dNd3WNViu:beoOK6265qW1fd3WPb
Score

1^/10
behavioral7 behavioral8
- Target
  
  $APPDATA/24/remind/domains/u2l2000.dll
- Size
  
  22KB
- MD5
  
  6ec4efacbc97780df137830a7048eb84
- SHA1
  
  42baf27afbed37494c6dec64397bee989bee346b
- SHA256
  
  2dca9c28a3a056bf5a851bc0715da8f794a2c5663c2a55290fe802fb67eebf2a
- SHA512
  
  8a4951d17858b043ec279a322d54fa759f58e05237865ca7c7d93a60e253f2d7183d35581934561044a2b23b9aec64bb3bb3f9ec9977224c1621eccf75302475
- SSDEEP
  
  384:5w2rZdfNO4Pdc1YUo21/ar7jCDS+/hLCcY9jBJJ1lqI:5w27iSr747pL38TJ1lqI
Score

3^/10
behavioral10 behavioral9
- Target
  
  $APPDATA/24/remind/domains/wbemDC.dll
- Size
  
  31KB
- MD5
  
  a7d437a83378ac8f19797eff1044732b
- SHA1
  
  446f1802d1b199779ef8a35daf1c35125e193bd1
- SHA256
  
  697f768d749e5bfe8055997819fc0b088cb7ea2ce31e198b7210fa7dfa1ee597
- SHA512
  
  1349e67e4a68191e05af24242108732abfddfcb9e38427987f8407038e441386a0a004b5a7eb3f5a793691d06bf124f226e749238302bdd6b538605c3e8eec1e
- SSDEEP
  
  384:Ht7JZXNm4ZDjaEyaD0eNB1QsubhZKCTVvt9Sj5ko8Zr6DtnWO93GjWz6ctY:HtFRjnaExG1NZKCdSj5Eyt/wW0
Score

1^/10
behavioral11 behavioral12
- Target
  
  $APPDATA/post/60.opends60.dll
- Size
  
  44B
- MD5
  
  c11be71799da5e7e085efb1beebb7373
- SHA1
  
  8df55e0a0d61092bb1d67e95d28018df219fd008
- SHA256
  
  a64e986aac722009dc44ad13c56c7ed5ec4498c9c9daeaaa82675f9f4f3f0074
- SHA512
  
  9ae601cc5344cfd264e2948e5fd14b417482876e794efb7516b637a3d7445a829d73e40897b0fc07430e12c966753b0c64974b8e104b770fea5be1cad921bbe7
Score

1^/10
behavioral13 behavioral14
- Target
  
  $APPDATA/post/MFC80CHS.dll
- Size
  
  40KB
- MD5
  
  82b3145c4a4d708288447ded7d2e9e8f
- SHA1
  
  850f325668133f38a2c9b5e38b757381f02c4f0d
- SHA256
  
  e78ce4d46f8b655f830fdb950cac8cd2e7ea98a168b45e648fb78f59c47b4600
- SHA512
  
  bb0b710d81b5be93c95a710a0b081bc1f398d95ecb55b03997523b9f2366d6717c07849de58feac6b4439b1b56418c4804d5e0b1ab7cc216a5993c0091b2dc3a
- SSDEEP
  
  384:+DNemsf/tAGqyVUIrvVWJWRUJwxV0fwItnFiHyt6S26r81Jd5AJd:+ZXs9AGDTrvFVx4wItnFfL26r81nE
Score

1^/10
behavioral15 behavioral16
- Target
  
  $APPDATA/post/edbgps.dll
- Size
  
  26KB
- MD5
  
  2160b3e337a493ca6fe9c1a0cd8b7b82
- SHA1
  
  1a5cd9e540bce012ef88c4778d359a0c20cc2cc8
- SHA256
  
  234458831289380cecd07624c51dc31f97fa6d9f81ed29bbff17afb8a27332dc
- SHA512
  
  15e086800b71137c4e44cac4aab6a3289ea644bbe4c11a915ecfdf1000f67b8a9ac590b8aa894be5e660227c00a9a9e63d9c61dd7dd1e4908398ef889dfc0e02
- SSDEEP
  
  384:WV0a/hPqP4h1q8fJIlPPV0n64l6GGWkaQWW4u+R4Kyr:7EBKC64aaLK
Score

1^/10
behavioral17 behavioral18
- Target
  
  $APPDATA/post/pgort80.dll
- Size
  
  39KB
- MD5
  
  77e12b38979f15fd3c7b5c2e30ccc507
- SHA1
  
  3c6864feacf69dd9378b7060ba1ebc992bc1530c
- SHA256
  
  71e6c75132dd60e3a9c1e723a0c41d91dc89960d1e3daf90ad7afb938922b241
- SHA512
  
  e3453b3bcae23faefe6f9cdb074032bd27d6723dbeb5aef5d8b15589731385db034975297b0125a84f683940882072efe131cc8dd60b11084121b063cfed5194
- SSDEEP
  
  384:uXV6XPtrNDDsf3d8pIrBZGrrakyQUqQfcLr5NfCSXUI4WPwR+pAfQ+E98bzG7O0K:KMXPtrNvsft84Vx/qQfCrn/4WPc2fea
Score

1^/10
behavioral19 behavioral20
- Target
  
  $APPDATA/post/vsamui.dll
- Size
  
  37KB
- MD5
  
  5b66b20978dd93294322490cd78862e1
- SHA1
  
  fa6f43f15cff1fec3bc98c9ddb8f5ba3055dbfb1
- SHA256
  
  aa17c7de31d930e7e326ca58d3a8d509f9ed6de5971ffffaf0ac5da6444e0272
- SHA512
  
  52d03f872e1e32ab5af18aafa3abaebd7fe00237b2f2fc92bf60c195e005cfa2780f9d2904c9972f8ccbd9e1c5d9dbca91f42cd9b86f4e49e56c9a771972ef1e
- SSDEEP
  
  768:D47PMIuv415w4tjH+rx9yZ84XANjlL0RkBqn3SP/4UKBW3jLyfvXex5Yb3vP1Z46:Jr415LtjigZ8GIF0N3SuWzez
Score

1^/10
behavioral21 behavioral22
- Target
  
  $TEMP/AboutUs/errata/15.opends60.dll
- Size
  
  44B
- MD5
  
  0cb4dde5b855f1a7f6b63994a24169ba
- SHA1
  
  8bed3118d2b39933700f367834cfce0ba7cab1af
- SHA256
  
  ecdbd005d77ee41bd7f6b6f7adec17c15a78b98f85e7d3198f2e6abbd2653a60
- SHA512
  
  a449b4e014f012e17b17173e03dc72e10ddf0b4542a1f267968b08978561eaf453c4d451c3095e67767f37be8a70de65c26ecd7c3a2cc792f7187a4c37eea3f2
Score

1^/10
behavioral23 behavioral24
- Target
  
  $TEMP/ShoonCataclysm.dll
- Size
  
  48KB
- MD5
  
  6864b4b87cb50d998f8c3d583e0e5bf3
- SHA1
  
  c90c3de34d735e40a81e42254f60453ac8cff190
- SHA256
  
  178b978482f6ede2219513d9dbbce2df3d09e188114a8eb4caca7d4390c03f17
- SHA512
  
  2db7f163c3364fdb2e06e8c67062f2fdcf243358fe9d156e3da0ccac3876e75e4870450e20cd46e67b1ce32ee59231e81ef7ccf0c6af432d4061c93667e4feba
- SSDEEP
  
  768:1/4Clb6KhYKJbfJF61tthuLjpJ1x57019+6J6HTTDWm7bQhudae5:J4yDwtqjpnq7JSTn
Score

1^/10
behavioral25 behavioral26
- Target
  
  $TEMP/usr/61.opends60.dll
- Size
  
  46B
- MD5
  
  969bccea0ad26d372a96b9af62dde555
- SHA1
  
  ed6a8b4b4f1fce7765a0846043f421dfb74c4609
- SHA256
  
  e8e797544ee1985d2fea23980aa579abba0e52b7365f65f6afeac9cf1d7dd957
- SHA512
  
  140aaad0638544a5dacc19c3f322ba7a7376263f3ab05aae79f79c7fbeead4c1d9848d54d6d6585e3d973c99d7f1d7059f1e7d663767927fb4e024a7d5714147
Score

1^/10
behavioral27 behavioral28

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

njRAT/Bladabindi

Loads dropped DLL

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28