General

  • Target

    187c8bf04459e99a197ea104f1a7df46130f99dad500fa8da827e73fff5e5a8a

  • Size

    232KB

  • Sample

    240528-xrwk6shd64

  • MD5

    a1bcab7fd0b0cf0ff951fb7e2cd7d904

  • SHA1

    3dd8f8ab5e889f496c6795b5a145018ea72b3006

  • SHA256

    187c8bf04459e99a197ea104f1a7df46130f99dad500fa8da827e73fff5e5a8a

  • SHA512

    d89fa4a42bab51501d7f52ea72dc1fc9b9049707808fcffe55abdafd706dab3f97254e15cefff9e2bdcea756f4c2fa44decce58b8fe0b3891b166fea7b3d23da

  • SSDEEP

    6144:6PLuOE2FcpKZbo5xzGxuCuQM+O2pfLuVTGlx:qLi2FcpKe5xzGxuCzZpf

Malware Config

Extracted

  • Family

    njrat

  • Version

    0.7d

  • Botnet

    H4ck3d

  • C2

    afr0j4ck.ddns.net:7000

  • Mutex

    a11b2f32a00452092d12171e04c83a72

Attributes
  • reg_key

    a11b2f32a00452092d12171e04c83a72

  • splitter

    |'|'|

Targets

    • Target

      187c8bf04459e99a197ea104f1a7df46130f99dad500fa8da827e73fff5e5a8a

    • njRAT/Bladabindi

      Widely used RAT written in .NET.

    • Modifies Windows Firewall
