General

  • Target

    5ab5b97c731c5898e22153fa6bf4336739faaf9304fe665b89bd4e87955e1ef3

  • Size

    854KB

  • Sample

    240624-k3tjqsxgln

  • MD5

    092197456099d4a6b908239144fd79be

  • SHA1

    e1626d4912665bf0f8ebf8ac1298396a6a670b61

  • SHA256

    5ab5b97c731c5898e22153fa6bf4336739faaf9304fe665b89bd4e87955e1ef3

  • SHA512

    c20067eac3a0279b33f74712c7fa703622d7bc02b8901ea802035045bc30ffc0b8014d82f9bf3af9cf6e4905f4e44493de0f06bea261cd00f3e759c8cd036100

  • SSDEEP

    12288:Knh95Si0CtXjOv9xObOhrq5/n2ZwyifuAgm69ahWFDBXs+rcnIOoBwP0YSr7ombt:KnTswXPU/rflCzkwsY4n5GBzjs

Malware Config

Extracted

Family

njrat

Version

0.7d

Botnet

TANTUNİ YIHYIHYIH

C2

2.kingx.info:1177

Mutex

11ce597da482a8d03c61b182214eee0d

Attributes
  • reg_key

    11ce597da482a8d03c61b182214eee0d

  • splitter

    |'|'|

Targets

    • njRAT/Bladabindi

      Widely used RAT written in .NET.

    • Modifies Windows Firewall

    • Adds Run key to start application

    • Suspicious use of SetThreadContext
