General
-
Target
https://e.pcloud.link/publink/show?code=XZjnaPZ3z836WvLHFYjz6QYckVa24NrS6GV
-
Sample
240921-s8h9ys1akq
Score
10/10
Malware Config
Extracted
Family
njrat
Version
Platinum
Botnet
HacKed
C2
127.0.0.1:14474
Mutex
Client.exe
Attributes
-
reg_key
Client.exe
-
splitter
|Ghost|
Targets
-
-
Target
https://e.pcloud.link/publink/show?code=XZjnaPZ3z836WvLHFYjz6QYckVa24NrS6GV
Score10/10-
njRAT/Bladabindi
Widely used RAT written in .NET.
-
Credentials from Password Stores: Credentials from Web Browsers
Malicious Access or copy of Web Browser Credential store.
-
Downloads MZ/PE file
-
Executes dropped EXE
-
Adds Run key to start application
-
Legitimate hosting services abused for malware hosting/C2
-
MITRE ATT&CK Enterprise v15
Privilege Escalation
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Defense Evasion
Modify Registry
1Subvert Trust Controls
1SIP and Trust Provider Hijacking
1