General

  • Target: 2f1e98961bfdeb89531498458f89c6f0N
  • Size: 23KB
  • Sample: 240911-tvwhsszgkp
  • MD5: 2f1e98961bfdeb89531498458f89c6f0
  • SHA1: 50f64a5b0a3a6227fadf21dcf3ad69b1cd67b808
  • SHA256: a668ae5830f4df6d2947cd3b14086d4f1809609832201f4eb5e316e35e2557ba
  • SHA512: b896024e70909edf0a2998fe3407b882aa69fac412fefb17ed06ea2959a76417f15879f821440cb673697d90d946ea61c14b20d11446b645b12dbda0b2a18737
  • SSDEEP: 384:VYmdk8XvCJrQLdRGSiEYF7Y65gPyx6BDXN1mRvR6JZlbw8hqIusZzZwY0m:qwWkti/aiRpcnutm

Malware Config

Extracted

  • Family: njrat
  • Version: 0.7d
  • Botnet: HacKed
  • C2: voldemort1997.ddns.net:1997
  • Mutex: c9fe0195c728a9b739032a3378a1fa73
  • Attributes
    • reg_key: c9fe0195c728a9b739032a3378a1fa73
    • splitter: |'|'|

Targets

    • njRAT/Bladabindi: widely used RAT written in .NET.
    • Modifies Windows Firewall
    • Checks computer location settings: looks up the country code configured in the registry, likely a geofence check.
    • Drops startup file
    • Executes dropped EXE
    • Loads dropped DLL
    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks