General

  • Target

    4f60edd6cec063433d6b636f32487812a362affdb6e9af44139587985018756e

  • Size

    38KB

  • Sample

    240530-1krkesad3s

  • MD5

    19f59b5272483912e0edb85ed31b24fd

  • SHA1

    11c5d78c7e74a1af478ef62dfd9751b38bb45ecd

  • SHA256

    4f60edd6cec063433d6b636f32487812a362affdb6e9af44139587985018756e

  • SHA512

    28e6d314656722fe22b44cb77e3e8eada5139c793889a8180b4be8406ec332f0c76eb175376906a8b802a6a13dfee2f2a6f6cc73d1a9812d5f985ad843dcc3bc

  • SSDEEP

    384:oMKFYuEEhERvoBG16Xuy0MHNw6Tg1Y+75JTFmRvR6JZlbw8hqIusZzZGga3A533O:/W4V6+yDRpcnu8a3uxUt+Ddo

Malware Config

Extracted

  • Family

    njrat

  • Version

    0.7d

  • Botnet

    dsada

  • C2

    aullavideoas.ddns.net:1010

  • Mutex

    4acc7d5a5eb4f0bcb9bb8f90afc33265

  • Attributes

      • reg_key

        4acc7d5a5eb4f0bcb9bb8f90afc33265

      • splitter

        |'|'|

Targets

    • njRAT/Bladabindi

      Widely used RAT written in .NET.

    • Modifies Windows Firewall

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Drops startup file

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application
