General

  • Target

    virussign.com_84875b4283fa59685172a0ea7f7e7ac0.vir

  • Size

    884KB

  • Sample

    240528-ta8bvsca55

  • MD5

    84875b4283fa59685172a0ea7f7e7ac0

  • SHA1

    1bf08442e7e3284e529d4f30bd8b5559d054e4d7

  • SHA256

    b51028907f6b360042638f29505aa13b31e491b95ed02372f6a737a9efdc8e15

  • SHA512

    343301e074406841a6082754dc20b13f94059b89bf4a2099ac281787116ff3bbebc58f0d67c84788e19e28f662dd63ebdf70bca8d9164b9e2e450567c5877bcc

  • SSDEEP

    24576:8u6J33O0c+JY5UZ+XC0kGsoTacbl6u2idWYd:mu0c++OCvkGsEacJ67bYd

Malware Config

Extracted

  • Family

    njrat

  • Version

    0.7d

  • Botnet

    14 mai generateur xbox

  • C2

    89.94.35.57:1604

  • Mutex

    ef05e501c2e286164abf5fcaa961559f

Attributes
  • reg_key

    ef05e501c2e286164abf5fcaa961559f

  • splitter

    |'|'|

Targets

    • Target

      virussign.com_84875b4283fa59685172a0ea7f7e7ac0.vir

    • njRAT/Bladabindi

      Widely used RAT written in .NET.

    • Modifies Windows Firewall

    • AutoIT Executable

      AutoIT scripts compiled to PE executables.

    • Suspicious use of SetThreadContext
