General

  • Target

    664c0effa7bb5dc6c5c20c90b9b9ab1553bd57d7f2a4b6dce2fed74728312305

  • Size

    425KB

  • Sample

    240429-2dkc7sdc5s

  • MD5

    72ece7b155cc961b845e3c4b9bdbc25b

  • SHA1

    12f8afc17eba584ae52935cb39ced0b47280c37f

  • SHA256

    664c0effa7bb5dc6c5c20c90b9b9ab1553bd57d7f2a4b6dce2fed74728312305

  • SHA512

    cfc4c857a0deaea8537f87a5e4c4a1c880ef0af32200038f01f53ca72814f3b908d419d1a0ffba3618c53d6a2417acdac0fdeb433c87ca4ff7676fd4960b2585

  • SSDEEP

    12288:WquErHF6xC9D6DmR1J98w4oknqO/CyQftQYqYbLmKo:brl6kD68JmlokQfttqY2Ko

Malware Config

Extracted

Family

njrat

Version

0.7d

Botnet

14 mai generateur xbox

C2

89.94.35.57:1604

Mutex

ef05e501c2e286164abf5fcaa961559f

Attributes
  • reg_key

    ef05e501c2e286164abf5fcaa961559f

  • splitter

    |'|'|

Targets

    • Target

      664c0effa7bb5dc6c5c20c90b9b9ab1553bd57d7f2a4b6dce2fed74728312305

    • Size

      425KB

    • MD5

      72ece7b155cc961b845e3c4b9bdbc25b

    • SHA1

      12f8afc17eba584ae52935cb39ced0b47280c37f

    • SHA256

      664c0effa7bb5dc6c5c20c90b9b9ab1553bd57d7f2a4b6dce2fed74728312305

    • SHA512

      cfc4c857a0deaea8537f87a5e4c4a1c880ef0af32200038f01f53ca72814f3b908d419d1a0ffba3618c53d6a2417acdac0fdeb433c87ca4ff7676fd4960b2585

    • SSDEEP

      12288:WquErHF6xC9D6DmR1J98w4oknqO/CyQftQYqYbLmKo:brl6kD68JmlokQfttqY2Ko

    • njRAT/Bladabindi

      Widely used RAT written in .NET.

    • UPX dump on OEP (original entry point)

    • Modifies Windows Firewall

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • AutoIT Executable

      AutoIT scripts compiled to PE executables.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks