General

  • Target

    avoidCliente.exe

  • Size

    37KB

  • Sample

    240625-hv3rbswaqf

  • MD5

    9e9765a5549fb8b4f9d4f026e374d874

  • SHA1

    6ca383c286cbff376d36c45856292619361bb386

  • SHA256

    7a910ee59e535b1fd03d25973b7a1df5b831e80fda0d659f51eae4e424836c32

  • SHA512

    e5515445d5596b1e14ad22f1d4cb62513faabd98d7c140d322236ca1f3cd88fc95053afdebe6f351daaf873da6b80b3e459e61352f2f68b872022ada978abe72

  • SSDEEP

    384:IW9caCisN/WRdL5kyc/vmXhgngKKVCprAF+rMRTyN/0L+EcoinblneHQM3epzXLc:t9ciD5nc/vmq9KOrM+rMRa8Nul0t

Malware Config

Extracted

  • Family

    njrat

  • Version

    im523

  • Botnet

    valorant

  • C2

    rmlaraujo135.ddns.net:1100

  • Mutex

    d58117be7cf93c2d036efe3a9131b697

  • Attributes

    • reg_key

      d58117be7cf93c2d036efe3a9131b697

    • splitter

      |'|'|

Targets

    • Target

      avoidCliente.exe

    • Size

      37KB

    • MD5

      9e9765a5549fb8b4f9d4f026e374d874

    • SHA1

      6ca383c286cbff376d36c45856292619361bb386

    • SHA256

      7a910ee59e535b1fd03d25973b7a1df5b831e80fda0d659f51eae4e424836c32

    • SHA512

      e5515445d5596b1e14ad22f1d4cb62513faabd98d7c140d322236ca1f3cd88fc95053afdebe6f351daaf873da6b80b3e459e61352f2f68b872022ada978abe72

    • SSDEEP

      384:IW9caCisN/WRdL5kyc/vmXhgngKKVCprAF+rMRTyN/0L+EcoinblneHQM3epzXLc:t9ciD5nc/vmq9KOrM+rMRa8Nul0t

    • njRAT/Bladabindi

      Widely used RAT written in .NET.

    • Modifies Windows Firewall

    • Checks computer location settings

      Looks up the country code configured in the registry, likely used as a geofence check.

    • Drops startup file

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks