General

  • Target

    4e5a132f843257037445628396c656b9.exe

  • Size

    23KB

  • Sample

    240927-pj8lrssdlq

  • MD5

    4e5a132f843257037445628396c656b9

  • SHA1

    378c17d0f6ed512dbe5a43cd565549a80808bd62

  • SHA256

    e2c457f18c1063a235f962572ee6f6d49ddfbeba92599470b94b5fa2c3c237e1

  • SHA512

    8252a3a38a0fe038ba06830d3c703ea93828ebca045b4f465669798cef515910239eb16e9c36b4a7ab114ac15fbc7538a92b31ff578f4cc6f7635e7fc24d6d9c

  • SSDEEP

    384:Vk8aSyS9gB3Y1KIay2X8cLZI6XgxsGJVPpmRvR6JZlbw8hqIusZzZIo8:N589tXvRpcnur

Malware Config

Extracted

Family

njrat

Version

Madest 0.7d

Botnet

HacKed

C2

steam.buy-nitro.ru:5555

Mutex

09df2bd777d1a884c3a89c8a9ba5e4a2

Attributes
  • reg_key

    09df2bd777d1a884c3a89c8a9ba5e4a2

  • splitter

    |'|'|

Targets

    • Target

      4e5a132f843257037445628396c656b9.exe

    • njRAT/Bladabindi

      Widely used RAT written in .NET.

    • Modifies Windows Firewall

    • Drops startup file

    • Adds Run key to start application
