General

  • Target

    وزنية زاحفههه.exe

  • Size

    8.2MB

  • Sample

    240622-3z53gavcql

  • MD5

    d4ef1c3f94508ff6e738fb6c38e05252

  • SHA1

    33ca3ece9797409707a6c6c7773bb3c4a3e85a4d

  • SHA256

    71b39da7c5a7414f5308daae6f98208d1c1636e69dbaa51d09c8ebc84b180c38

  • SHA512

    a961910facdea67ec2a9cad4ad2f13ba27a085a58c00a7ac40dc2f04b05a7039638e52842185158ff45e93fdf810c0477db09dbab8e0b70b3aa41fdb67a2a8bf

  • SSDEEP

    196608:z3dxfNpGMa42dp0+Qav9NHPZtku5uU689q7wfqIF:z3dRNpGoW0ClNhCuefwfjF

Malware Config

Extracted

Family

njrat

Version

0.7d

Botnet

Server

C2

127.0.0.1:6522

Mutex

6eff5e1ac69475e84ad4e71ee67ef805

Attributes
  • reg_key

    6eff5e1ac69475e84ad4e71ee67ef805

  • splitter

    Y262SUCZ4UJJ

Targets

    • Target

      وزنية زاحفههه.exe

    • njRAT/Bladabindi

      Widely used RAT written in .NET.

    • Modifies Windows Firewall

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Drops startup file

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application
