General

  • Target

    wpcheck1915.exe

  • Size

    9.5MB

  • Sample

    240623-wpt4wssbnq

  • MD5

    86f8cb334d0d33a4a279b2c49f094ff6

  • SHA1

    baf3c9c3f6dfbf68eea3d54f199df9c735b846cf

  • SHA256

    a10b43a2c8d651a7a1519547ea09050dcfd2e6fcbf7a968b8e8aef64f97a55d3

  • SHA512

    4270ef74475becc38b539abce86a0a8153c17931cc3fe855751c7e10a9438fa1c9cf8607a3f5062e3d7776a8839cea22a3366acac2cf166bbe4d39f132ed8985

  • SSDEEP

    196608:hu7T2nZO7IywXOdfYquRQrhq06Cs/3p8zQOK9w6mMIV0A18LQOB:Mn247JuOuD0Pkqsw6PK518LQW

Malware Config

Extracted

  • Language

    ps1

  • Deobfuscated

  • URLs

    ps1.dropper: https://hjhhhsfdghsjfghghdbfjksjfgdhgfjksghjkshf34tjhjkdsdjghsjkhg.000webhostapp.com/Att.jpg

Extracted

  • Family

    njrat

  • Version

    Platinum

  • Botnet

    EGYSTUB

  • C2

    127.0.0.1:7077

  • Mutex

    System.exe

  • Attributes

    reg_key: System.exe

    splitter: |Ghost|

Targets

    • Target

      wpcheck1915.exe

    • Size

      9.5MB

    • Modifies Windows Defender Real-time Protection settings

    • njRAT/Bladabindi

      Widely used RAT written in .NET.

    • Blocklisted process makes network request

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Drops startup file

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Legitimate hosting services abused for malware hosting/C2

    • AutoIT Executable

      AutoIT scripts compiled to PE executables.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks