General

  • Target

    7abd36fd92bf444bcb8472ea1826d8e0N.exe

  • Size

    115KB

  • Sample

    240813-q79z6ssarp

  • MD5

    7abd36fd92bf444bcb8472ea1826d8e0

  • SHA1

    88a481771faf9222dac2cf0527df77924718e50e

  • SHA256

    caad0b85aaaf8044a8a4482cae5b1908295f68378a8c5cad31dad01024cabe82

  • SHA512

    d43ad84cede27c5b7ff33befea5c655331d82ffdccf98659af7021d5334238a186f9214c9795a927daf4dcda75c6d9cbc440300047ee550ac7d816159c3ec684

  • SSDEEP

    1536:WWp5eznKUlIOp3YjVCguHEvQEbFqVC3woFRKpT4XEQhuxzuMDL10:P5eznsjsguGDFqGZ2rDL10

Malware Config

Extracted

Family

njrat

Version

0.7d

Botnet

neuf

C2

doddyfire.linkpc.net:10000

Mutex

e1a87040f2026369a233f9ae76301b7b

Attributes

  • reg_key

    e1a87040f2026369a233f9ae76301b7b

  • splitter

    |'|'|

Targets

    • Target

      7abd36fd92bf444bcb8472ea1826d8e0N.exe

    • njRAT/Bladabindi

      Widely used RAT written in .NET.

    • Modifies Windows Firewall

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks