General

  • Target

    2361c32e758319438497cb36821c10b0_NeikiAnalytics.exe

  • Size

    40KB

  • Sample

    240527-hj8hfabd9t

  • MD5

    2361c32e758319438497cb36821c10b0

  • SHA1

    7f901031c4217cb05ae327c18834ebcf0b3b551c

  • SHA256

    a1817a4a9dc48eb8ad476d3d7858f6ba8aec6b8c57802edb3d1105c08a91cd8a

  • SHA512

    d8ae3f3a503c848ec6feb79eddf2d96ed6b76ee54fff2d80b9d0c703ffc90bce2c579495e06ac34ba4590caedfa7d373f9d6cae08f6180aa3cd06c6955e58c50

  • SSDEEP

    768:YKBuSAkWxIhvu+TbRyhiAmqzkQpaNaDMfqodqZheC5ktP2q3:/Vqxczb66rpYShC5a28

Score
10/10

Malware Config

Extracted

Family

njrat

Version

0.7d

Botnet

h

C2

127.0.0.1:5552

Mutex

5b108bef078fa7486fcf1d6fb09e71ce

Attributes
  • reg_key

    5b108bef078fa7486fcf1d6fb09e71ce

  • splitter

    |'|'|

Targets

    • Target

      2361c32e758319438497cb36821c10b0_NeikiAnalytics.exe

    • njRAT/Bladabindi

      Widely used RAT written in .NET.

    • Executes dropped EXE

    • Loads dropped DLL

    • Suspicious use of SetThreadContext
