General
-
Target
Server2.exe
-
Size
37KB
-
Sample
240524-t8qvgacg53
-
MD5
eb58ab61b4f6752137b47922b3fa3a21
-
SHA1
df08cf24715c89aa84954587080b87d7ad33e56d
-
SHA256
e74dfaa4c10425645b96135ef379febb8fd5a822708da089d22b98b9739cc844
-
SHA512
bc1d4743b452c9a2cf6abc7b597b1b7a8c9993beb608f958b5425a2bb910e9e4b48c9c6d036ac32fba1474f0d0de7645313c20e71ea8684f866afdc1e2b438ed
-
SSDEEP
384:z0BqiUD54NLHdayszTbUfblsWs7PrAF+rMRTyN/0L+EcoinblneHQM3epzX8NCnm:IhZdJszTbUh1szrM+rMRa8Nu+OWt
Malware Config
Extracted
njrat
im523
HacKed
every-unnecessary.gl.at.ply.gg:41021
6f3457932b8896a88f738e8383f18e0a
-
reg_key
6f3457932b8896a88f738e8383f18e0a
-
splitter
|'|'|
Targets
-
-
Target
Server2.exe
-
Size
37KB
-
MD5
eb58ab61b4f6752137b47922b3fa3a21
-
SHA1
df08cf24715c89aa84954587080b87d7ad33e56d
-
SHA256
e74dfaa4c10425645b96135ef379febb8fd5a822708da089d22b98b9739cc844
-
SHA512
bc1d4743b452c9a2cf6abc7b597b1b7a8c9993beb608f958b5425a2bb910e9e4b48c9c6d036ac32fba1474f0d0de7645313c20e71ea8684f866afdc1e2b438ed
-
SSDEEP
384:z0BqiUD54NLHdayszTbUfblsWs7PrAF+rMRTyN/0L+EcoinblneHQM3epzX8NCnm:IhZdJszTbUh1szrM+rMRa8Nu+OWt
Score10/10-
njRAT/Bladabindi
Widely used RAT written in .NET.
-
Modifies Windows Firewall
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Drops autorun.inf file
Malware can abuse Windows Autorun to spread further via attached volumes.
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Create or Modify System Process
1Windows Service
1Privilege Escalation
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Create or Modify System Process
1Windows Service
1