General

  • Target

    c07598299d2d73883f23a3585740bca427eb733579c4a0fe2280593d116896f1

  • Size

    271B

  • Sample

    240502-qt931sca88

  • MD5

    b9acaac18eee9b5cde0c6defbe2c1caa

  • SHA1

    6f8cb34d61f9136e96345684846edf49dfa976bc

  • SHA256

    c07598299d2d73883f23a3585740bca427eb733579c4a0fe2280593d116896f1

  • SHA512

    70c8b3742c98e1daf2c7fda40c992621c2250a9dac648c4798370697f5688e1883162079909dd245a33fc064a843a94f84c7399b99bae9b6418a47b3c5e75e12

Score
10/10

Malware Config

  • Extracted

    Language: ps1 (deobfuscated)

    URLs
      • ps1.dropper: https://firebasestorage.googleapis.com/v0/b/prog-622b7.appspot.com/o/SidM.jpg?alt=media&token=53ed6ff5-09e0-4464-a19c-f0e9d9c6cec8

  • Extracted

    Language: ps1 (deobfuscated)

    URLs
      • ps1.dropper: https://firebasestorage.googleapis.com/v0/b/prog-622b7.appspot.com/o/Ssid.jpg?alt=media&token=10629c63-3c23-437a-9543-4f9dcee695bb
      • ps1.dropper: https://firebasestorage.googleapis.com/v0/b/prog-622b7.appspot.com/o/Rnew.jpg?alt=media&token=d68ad7e3-80ed-4083-ad53-8af401c5b503

  • Extracted

    Family: njrat
    Version: 0.7d
    Botnet: H

    Attributes
      • splitter: |'|'|

Targets

    • Target c07598299d2d73883f23a3585740bca427eb733579c4a0fe2280593d116896f1 (hashes, size and score as listed under General above)

    • njRAT/Bladabindi

      Widely used RAT written in .NET.

    • Blocklisted process makes network request

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Drops startup file

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix (ATT&CK v13)

  • Execution
    • Command and Scripting Interpreter (T1059): 1
    • PowerShell (T1059.001): 1

  • Discovery
    • Query Registry (T1012): 1
    • System Information Discovery (T1082): 2
