General
-
Target
7ea53bbc3f1b3b7f8ad0384d2a0eab70N.exe
-
Size
29KB
-
Sample
240828-176ymayhlc
-
MD5
7ea53bbc3f1b3b7f8ad0384d2a0eab70
-
SHA1
ae0285e3567a4cad47e28d126b1a67d28d4622a1
-
SHA256
f3f9e98f471d4773e34e9c17046dcb979ce814b7ec57ab06d8a6374e5092dacb
-
SHA512
67a483079304274cfe2196f5196246f2cce98dcf56bb118e989ad8bb5d763a29c1371d9666eacf801f43a0f41a9b76f52b5b6443f1a803ef9d384a4a06e66577
-
SSDEEP
384:dhpQjtl7jBnoKoK3JX15nHK4GumqDAEReIlGBsbh0w4wlAokw9OhgOL1vYRGOZzw:d27hoKoGJFNK4Aq1RehBKh0p29SgRdO
Behavioral task
behavioral1
Sample
7ea53bbc3f1b3b7f8ad0384d2a0eab70N.exe
Resource
win7-20240708-en
Behavioral task
behavioral2
Sample
7ea53bbc3f1b3b7f8ad0384d2a0eab70N.exe
Resource
win10v2004-20240802-en
Malware Config
Extracted
njrat
0.6.4
HacKed
127.0.0.1:1177
5cd8f17f4086744065eb0992a09e05a2
-
reg_key
5cd8f17f4086744065eb0992a09e05a2
-
splitter
|'|'|
Targets
-
-
Target
7ea53bbc3f1b3b7f8ad0384d2a0eab70N.exe
-
Modifies Windows Firewall
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
MITRE ATT&CK Enterprise v15
Persistence
Create or Modify System Process (1)
Windows Service (1)
Event Triggered Execution (1)
Netsh Helper DLL (1)
Privilege Escalation
Create or Modify System Process (1)
Windows Service (1)
Event Triggered Execution (1)
Netsh Helper DLL (1)