General
-
Target
c05810490197b27f3c99a34c41cd1bc5dc195c7d1c29eef1212fa2fa96ec9482N
-
Size
93KB
-
Sample
240919-exrkas1clm
-
MD5
891605f96c3344c75508bbe0497719a0
-
SHA1
cf1113f3415b43dc0f28cc2d8e24a4d231bd094b
-
SHA256
c05810490197b27f3c99a34c41cd1bc5dc195c7d1c29eef1212fa2fa96ec9482
-
SHA512
65075640fad199984554bcca2bf3cf97c723e924e5fca7dcf889adf884004251962da05941f7a7517d4c79e056fde033077f932c613bad398c9887d76909aad7
-
SSDEEP
768:TY3/upD9O/pBcxYsbae6GIXb9pDX2b98PL0OXLeuXxrjEtCdnl2pi1Rz4Rk3ysGb:6uLOx6baIa9RPj00ljEwzGi1dDODHgS
Malware Config
Extracted
njrat
0.7d
HacKed
hakim32.ddns.net:2000
127.0.0.1:5552
91fbfc101cf843209df3ad6806423342
-
reg_key
91fbfc101cf843209df3ad6806423342
-
splitter
|'|'|
Targets
-
-
Target
c05810490197b27f3c99a34c41cd1bc5dc195c7d1c29eef1212fa2fa96ec9482N
-
Size
93KB
-
MD5
891605f96c3344c75508bbe0497719a0
-
SHA1
cf1113f3415b43dc0f28cc2d8e24a4d231bd094b
-
SHA256
c05810490197b27f3c99a34c41cd1bc5dc195c7d1c29eef1212fa2fa96ec9482
-
SHA512
65075640fad199984554bcca2bf3cf97c723e924e5fca7dcf889adf884004251962da05941f7a7517d4c79e056fde033077f932c613bad398c9887d76909aad7
-
SSDEEP
768:TY3/upD9O/pBcxYsbae6GIXb9pDX2b98PL0OXLeuXxrjEtCdnl2pi1Rz4Rk3ysGb:6uLOx6baIa9RPj00ljEwzGi1dDODHgS
Score10/10-
njRAT/Bladabindi
Widely used RAT written in .NET.
-
Modifies Windows Firewall
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Executes dropped EXE
-
Loads dropped DLL
-
Drops autorun.inf file
Malware can abuse Windows Autorun to spread further via attached volumes.
-
MITRE ATT&CK Enterprise v15
Persistence
Create or Modify System Process
1Windows Service
1Event Triggered Execution
1Netsh Helper DLL
1Privilege Escalation
Create or Modify System Process
1Windows Service
1Event Triggered Execution
1Netsh Helper DLL
1