General

  • Target

    crypted rat.exe

  • Size

    110KB

  • Sample

    240622-l2ejvsxclr

  • MD5

    c5095088e4ce78d1a90224a2c769e196

  • SHA1

    0dce6ff26e150acd9dd9b9838068011c71b90a3b

  • SHA256

    286fd81b6bae4e132cbad308423e3b2b064ea4e8b4ea970c5c1fe31a156c5b1e

  • SHA512

    954cceb8006bcd76f03ec7781898a318b7bbcf447501bfbfd7c5902e1a4945df7edcc1b2c3c7a0d19648b28384e87fc47995dceb481fccf4683c07a66a1411c4

  • SSDEEP

    3072:abnaOa/AhYN7ofWE9kI93IcakRGEV8IbEWOEx:azssY1ofj9593JRb5xb

Score
10/10

Malware Config

Extracted

Family

njrat

Version

0.7d

Botnet

Debil

C2

hakim32.ddns.net:2000

lake-french.gl.at.ply.gg:33694

Mutex

5d215efb685d488d29cc52d66504493b

Attributes
  • reg_key

    5d215efb685d488d29cc52d66504493b

  • splitter

    |'|'|

Targets

    • Target

      crypted rat.exe

    • njRAT/Bladabindi

      Widely used RAT written in .NET.

    • Executes dropped EXE

    • Suspicious use of SetThreadContext
