General

  • Target

    6be6cbde39d8eb868c93405c73566090N.exe

  • Size

    23KB

  • Sample

    240831-kxrsyswapj

  • MD5

    6be6cbde39d8eb868c93405c73566090

  • SHA1

    09a93a29ebf8912f789af5be47d98007bce58643

  • SHA256

    cb3e649318257769f753a62ad57cd84b42acdeaa70115cf73078cd2dff725ad5

  • SHA512

    7f1eb37eccbd98195b91984014c640defbe04271d147cb3e83454d6b5f68cfcee180fc8cfa6f5ac37f034ec7008d27776a43f2a666c281d75bda48505f0fb4a7

  • SSDEEP

    384:BY324bcgPiJLQrfARGSRUJsbY6vgvSMBD3t8mRvR6JZlbw8hqIusZzZ9CTFy:2L2s+tRARpcnuQwU

Malware Config

Extracted

Family

njrat

Version

0.7d

Botnet

HacKed

C2

192.168.192.64:1337

Mutex

3aebaaceb5f1665ccb625e37d933a052

Attributes
  • reg_key

    3aebaaceb5f1665ccb625e37d933a052

  • splitter

    |'|'|

Targets

    • Target

      6be6cbde39d8eb868c93405c73566090N.exe

    • njRAT/Bladabindi

      Widely used RAT written in .NET.

    • Modifies Windows Firewall

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application
