General

  • Target

    2e0656fbcdbb1ba882443557bec06b5360d323e17466d372f3cc945f1ddd0ff5

  • Size

    104KB

  • Sample

    240817-y8kexaxgnp

  • MD5

    24cdc66f6ee227532af4ae2a409fa536

  • SHA1

    e8d257dc6fbd79283bcbd43ac9a29bb7a1aff818

  • SHA256

    2e0656fbcdbb1ba882443557bec06b5360d323e17466d372f3cc945f1ddd0ff5

  • SHA512

    4b4ca55b15657e837aef408e2fbfc3e0541976d816e3498826748e941b421d1a12aecce6b972b52614af7fa1fbb04081c52f843c082a8110a55e2382332570c0

  • SSDEEP

    3072:DnnMA6NsLcoPV187pNCB1ZfKhmnpRnIw2x:DMbs8avfKhmnpR

Malware Config

Extracted

Family

njrat

Version

0.7d

Botnet

CHIKO-VIP

C2

volkatv500.sytes.net:999

Mutex

acac764b468c1d76dc056f8c9d20ddf0

Attributes

  • reg_key

    acac764b468c1d76dc056f8c9d20ddf0

  • splitter

    |'|'|

Targets

    • Target

      2e0656fbcdbb1ba882443557bec06b5360d323e17466d372f3cc945f1ddd0ff5

    • njRAT/Bladabindi

      Widely used RAT written in .NET.

    • Modifies Windows Firewall

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Drops startup file

    • Executes dropped EXE

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks