General

  • Target

    aede3da96686dd53b40cfe6eb2cc0ae9.exe

  • Size

    93KB

  • Sample

    240531-eegx5sfc43

  • MD5

    aede3da96686dd53b40cfe6eb2cc0ae9

  • SHA1

    096861827f46484d4410d55b3081252060f17793

  • SHA256

    f071fd027d2673f3a3a4c7cf8afa0b37fff30655b53cff5bb2026cbb88995175

  • SHA512

    792ee13f1c5bfbb67a53bfa0420449eb49a9ea564b4656b46c057b26ef49b16d07e6f8bbc3ea59b0829624bf30ab9f90e9f2476284abee671f7a1213fd1ebfc9

  • SSDEEP

    1536:zC4FQWqkqqoLc2m+iIjEwzGi1dDOD5gS:zC4mkqqoA2xi5i1dg2

Malware Config

Extracted

Family

njrat

Version

0.7d

Botnet

svchost

C2

hakim32.ddns.net:2000

49.13.194.118:5552

Mutex

aa3e578cf24b52eb25e52bda2023185b

Attributes
  • reg_key

    aa3e578cf24b52eb25e52bda2023185b

  • splitter

    |'|'|

Targets

    • Target

      aede3da96686dd53b40cfe6eb2cc0ae9.exe

    • njRAT/Bladabindi

      Widely used RAT written in .NET.

    • Modifies Windows Firewall

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Drops startup file

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory
