General
- Target: 20cef431aae4d318b4ceff66ffc674c078c2dc63e5788b15c26d5ce4be388dc8N
- Size: 135KB
- Sample: 240927-ygg6gaydlh
- MD5: 5944a57ec407064cc5151f690a4382d0
- SHA1: 8ddad85749c0d27636bd560d8228578747146cd8
- SHA256: 20cef431aae4d318b4ceff66ffc674c078c2dc63e5788b15c26d5ce4be388dc8
- SHA512: e69c36b62516aae55af5fc7d1c3712266d25238b2ee320e08a397096d4c77f3c7e861600e59916f4a8087ce8d2c6c5b91db35223240ec1379fd63171f6798a86
- SSDEEP: 1536:PC+EK/Ni4mT4s/ncQg93CVpqL22nIebr7uwCCyrAK9AGTr1U+VFco8sm3pKZZtC+:0cNRs/nbgZwY22zbeAcAGT2+QotTjBoK
Static task
- static1

Behavioral task
- behavioral1
- Sample: 20cef431aae4d318b4ceff66ffc674c078c2dc63e5788b15c26d5ce4be388dc8N.exe
- Resource: win7-20240903-en

Behavioral task
- behavioral2
- Sample: 20cef431aae4d318b4ceff66ffc674c078c2dc63e5788b15c26d5ce4be388dc8N.exe
- Resource: win10v2004-20240802-en
Malware Config
Extracted
- Family: njrat
- Version: 0.7d
- Botnet: HacKed
- C2: 127.0.0.1:5552
- Mutex: 279f6960ed84a752570aca7fb2dc1552
- reg_key: 279f6960ed84a752570aca7fb2dc1552
- splitter: |'|'|
Targets
- Target: 20cef431aae4d318b4ceff66ffc674c078c2dc63e5788b15c26d5ce4be388dc8N
- Size: 135KB
- MD5: 5944a57ec407064cc5151f690a4382d0
- SHA1: 8ddad85749c0d27636bd560d8228578747146cd8
- SHA256: 20cef431aae4d318b4ceff66ffc674c078c2dc63e5788b15c26d5ce4be388dc8
- SHA512: e69c36b62516aae55af5fc7d1c3712266d25238b2ee320e08a397096d4c77f3c7e861600e59916f4a8087ce8d2c6c5b91db35223240ec1379fd63171f6798a86
- SSDEEP: 1536:PC+EK/Ni4mT4s/ncQg93CVpqL22nIebr7uwCCyrAK9AGTr1U+VFco8sm3pKZZtC+:0cNRs/nbgZwY22zbeAcAGT2+QotTjBoK
Signatures
- Modifies Windows Firewall
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
MITRE ATT&CK Enterprise v15

Persistence
- Boot or Logon Autostart Execution (1): Registry Run Keys / Startup Folder (1)
- Create or Modify System Process (1): Windows Service (1)
- Event Triggered Execution (1): Netsh Helper DLL (1)

Privilege Escalation
- Boot or Logon Autostart Execution (1): Registry Run Keys / Startup Folder (1)
- Create or Modify System Process (1): Windows Service (1)
- Event Triggered Execution (1): Netsh Helper DLL (1)

Defense Evasion
- Impair Defenses (1): Disable or Modify System Firewall (1)
- Modify Registry (1)