Resubmissions

31-05-2024 16:14

240531-tp1wbsdf8s 10

31-05-2024 16:11

240531-tm9qfsec73 10

31-05-2024 16:06

240531-tj5mbsde3t 10

General

  • Target

    akrien_1.5.8.rar

  • Size

    31KB

  • Sample

    240531-tm9qfsec73

  • MD5

    0616222604d7b733cbc9251fe6fcaac4

  • SHA1

    3f3d16ec658f869d90b2126f51e0c6a5756d7c88

  • SHA256

    01897bed0d01dbedd642a788244be6e178b5f049600aa6241572a2a19f7b4781

  • SHA512

    f0dc202d9a32c4d75c3ad07ee41fc405f5267db7e056b2e535ece8b26d638ecfec16d201d8f3ef594f7dd26bcdcb9c3ab1e0013fdb631450c7d18af471ba6f44

  • SSDEEP

    768:Zv7405+c6z9+20s6SdHRZI0Wu89XveC2a6RRy610UEnSlb2Y:h7eu23xktvWRvtaGX

Score
10/10

Malware Config

Extracted

Family

njrat

Version

0.7d

Botnet

FBR

C2

hakim32.ddns.net:2000

2.tcp.eu.ngrok.io:17169

Mutex

943103c6c88219ab23c2a39b264fc150

Attributes

  • reg_key

    943103c6c88219ab23c2a39b264fc150

  • splitter

    |'|'|

Targets

    • Target

      akrien_1.5.8.rar

    • Size

      31KB

    • MD5

      0616222604d7b733cbc9251fe6fcaac4

    • SHA1

      3f3d16ec658f869d90b2126f51e0c6a5756d7c88

    • SHA256

      01897bed0d01dbedd642a788244be6e178b5f049600aa6241572a2a19f7b4781

    • SHA512

      f0dc202d9a32c4d75c3ad07ee41fc405f5267db7e056b2e535ece8b26d638ecfec16d201d8f3ef594f7dd26bcdcb9c3ab1e0013fdb631450c7d18af471ba6f44

    • SSDEEP

      768:Zv7405+c6z9+20s6SdHRZI0Wu89XveC2a6RRy610UEnSlb2Y:h7eu23xktvWRvtaGX

    Score
    10/10
    • njRAT/Bladabindi

      Widely used RAT written in .NET.

    • Modifies Windows Firewall

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Drops startup file

    • Executes dropped EXE

    • Legitimate hosting services abused for malware hosting/C2

    • Drops autorun.inf file

      Malware can abuse Windows Autorun to spread further via attached volumes.

MITRE ATT&CK Enterprise v15

Tasks