General

  • Target

    eeda3eefdcbfcd46524bddea787e39e0N

  • Size

    23KB

  • Sample

    240912-3gccfasbmd

  • MD5

    eeda3eefdcbfcd46524bddea787e39e0

  • SHA1

    0d9e04536628cba9306bc4575614027630ecd31e

  • SHA256

    fcc3d791a117bbffe7893abdae3637feb8076b873e8a285c1f3adb4125f4ecf9

  • SHA512

    6dfb21f6eb84a046a40634b48f3c2cfea743543794e478049d31d890f350f5ed96fb35d16b9f10a1ec980d51b9cedc35973a53e0771bc6ed5beb872e1c46ca2b

  • SSDEEP

    384:UoWtkEwn65rgjAsGipk55D16xgXakhbZD0mRvR6JZlbw8hqIusZzZIF:D7O89p2rRpcnuL

Malware Config

Extracted

  • Family

    njrat

  • Version

    0.7d

  • Botnet

    HacKed

  • C2

    10.10.1.11:5552

  • Mutex

    7657c14284185fbd3fb108b43c7467ba

Attributes
  • reg_key

    7657c14284185fbd3fb108b43c7467ba

  • splitter

    |'|'|

Targets

    • njRAT/Bladabindi

      Widely used RAT written in .NET.

    • Modifies Windows Firewall

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application
