General
-
Target
ae9ba2145b99bca3d87d444a47246a5bcd426993c74733faf4892d20e195d6b0.exe
-
Size
23KB
-
Sample
240927-rbf8naybnb
-
MD5
5df583ec3d0da73461aa193c2aea4d23
-
SHA1
1841a11cb50fa14470a98a469547ee9169df1caf
-
SHA256
ae9ba2145b99bca3d87d444a47246a5bcd426993c74733faf4892d20e195d6b0
-
SHA512
f8f7defd5348380905ab2e3906b671a46506eda7909514bf6b10a3c541b5f35e4e0d5c6563c82f972125b79d6f079218d1870d3880dcad0f4ec82a2a5cf505b6
-
SSDEEP
384:nUn+E+NGW9JQFOp8AliM6vbS1puwJViz6RvlVUPVsWGsK5f9D:xGGKW6vbUpuY2cF
Malware Config
Extracted
njrat
0.7d
NEW
sharrych.ddns.net:5556
723520b640cb39476dbbd3d566c664da
-
reg_key
723520b640cb39476dbbd3d566c664da
-
splitter
|'|'|
Targets
-
-
Target
ae9ba2145b99bca3d87d444a47246a5bcd426993c74733faf4892d20e195d6b0.exe
-
Size
23KB
-
MD5
5df583ec3d0da73461aa193c2aea4d23
-
SHA1
1841a11cb50fa14470a98a469547ee9169df1caf
-
SHA256
ae9ba2145b99bca3d87d444a47246a5bcd426993c74733faf4892d20e195d6b0
-
SHA512
f8f7defd5348380905ab2e3906b671a46506eda7909514bf6b10a3c541b5f35e4e0d5c6563c82f972125b79d6f079218d1870d3880dcad0f4ec82a2a5cf505b6
-
SSDEEP
384:nUn+E+NGW9JQFOp8AliM6vbS1puwJViz6RvlVUPVsWGsK5f9D:xGGKW6vbUpuY2cF
Score10/10-
njRAT/Bladabindi
Widely used RAT written in .NET.
-
Modifies Windows Firewall
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Executes dropped EXE
-
Adds Run key to start application
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Create or Modify System Process
1Windows Service
1Event Triggered Execution
1Netsh Helper DLL
1Privilege Escalation
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Create or Modify System Process
1Windows Service
1Event Triggered Execution
1Netsh Helper DLL
1Defense Evasion
Impair Defenses
1Disable or Modify System Firewall
1Modify Registry
1