General

  • Target

    4266162511897dafbb0e9428da74d3a0N.exe

  • Size

    309KB

  • Sample

    240718-bpbmbs1hmg

  • MD5

    4266162511897dafbb0e9428da74d3a0

  • SHA1

    eb2541ece45e3f3a66236be147389c785a8b3560

  • SHA256

    f4cd82ce764e25ecbf3b5c7eae612b80ead673fd0972bbb2ade03d13e7cb04d0

  • SHA512

    96b9f524d625b7febf3d6597114514bc455437a7e5fea440bb5a68fac0d18cbc41763c16f6688656a834112ac87e295fcf9313777899fe406d5392eb601ba921

  • SSDEEP

    6144:4mSKwEPJdpCL/pkwU0Z2e/epMzFaguuuuuuuuuuuuuuuuuuuu6111111111GuuuT:4mSmpCLBkwFkWw1111111111PW8Gh

Malware Config

Extracted

Family

njrat

Version

0.7d

Botnet

hhhhhhhhhhhh

C2

147.185.221.20:36100

Mutex

f656afb493902a1bbc08f2be8001048a

Attributes
  • reg_key

    f656afb493902a1bbc08f2be8001048a

  • splitter

    |'|'|

Targets

    • Target

      4266162511897dafbb0e9428da74d3a0N.exe

    • njRAT/Bladabindi

      Widely used RAT written in .NET.

    • Modifies Windows Firewall

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Drops startup file

    • Executes dropped EXE

    • Adds Run key to start application

    • Drops desktop.ini file(s)
