General

  • Target

    e5fc6fa50c096e7ee056158a331d0200N.exe

  • Size

    91KB

  • Sample

    240818-e5hmcsybrq

  • MD5

    e5fc6fa50c096e7ee056158a331d0200

  • SHA1

    d7292ca52636ea62d551c18ca0bf63cae80bf13b

  • SHA256

    554aec069a031be28fab52f26ffde3c76901b0d124f436dda23112b3a326858b

  • SHA512

    e0a5d728ab4e9424b6c8ee3bff3338093cd34ee6eb1cc9b4e385e6013443cba77eb61dbcc85de7df56b03e5582f20feaa48a5ee9235024377d68a0770140b6ef

  • SSDEEP

    768:v8GZeFkVOto7arfPiVXmbt2ELhtIh5YgnPaxJjoRY8TkCbIEhr3/iTnRVOR1MY43:vWFkoomm8RLhtIbYgna6LkMPVR1SpNv

Malware Config

Extracted

  • Family

    njrat

  • C2

    hakim32.ddns.net:2000

Targets

    • njRAT/Bladabindi

      Widely used RAT written in .NET.

    • Disables Task Manager via registry modification

    • Modifies Windows Firewall

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Drops startup file

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops autorun.inf file

      Malware can abuse Windows Autorun to spread further via attached volumes.
