General

  • Target

    cd35af0a0c71c382760409b7b2343c83857d89af55a0b365b72962f0f9c9a400.exe

  • Size

    31KB

  • Sample

    240624-bslxgawfqq

  • MD5

    7a94013c17dc892cea16fbae38646e43

  • SHA1

    8cf54c2ac961dd5c82cb3b07c3de317847aa94bb

  • SHA256

    cd35af0a0c71c382760409b7b2343c83857d89af55a0b365b72962f0f9c9a400

  • SHA512

    03df47db51270ca87172620e5475ce7a99e1fa1bd61e1956e4a0b28792d145b4e30d5b0d7b0737ea3ed331cecaecde78641b4828b1b9425153b1f9ac3de6f34a

  • SSDEEP

    768:jrpS7G1XB9Qzxry1vIPvQbxvKnQmIDUu0tinaj:Um6yxIQVk7j

Malware Config

Extracted

  • Family

    njrat

  • Version

    0.7d

  • Botnet

    windowsdefender

  • C2

    88.168.211.65:6522

  • Mutex

    9300538b8eb52046b545ea0eefc265d2

  • Attributes

      • reg_key

        9300538b8eb52046b545ea0eefc265d2

      • splitter

        Y262SUCZ4UJJ

Targets

    • njRAT/Bladabindi

      Widely used RAT written in .NET.

    • Modifies Windows Firewall

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Drops startup file

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application
