General
Target: 1db41e3285f0819f9f614052a76500038e9ec2433550c240aeceb2787b235808.exe
Size: 31KB
Sample: 240928-l14glasbng
MD5: 582a25b26ea78d97686c3abf2732f80f
SHA1: a487f6870657f903dc947cf6bdd2055f8c2d4294
SHA256: 1db41e3285f0819f9f614052a76500038e9ec2433550c240aeceb2787b235808
SHA512: ff167451e32b6aaef5bcf10bc784fdbc4ce9eb1bfd6bfdb44b747ede8587b4f69f15a06b659c3ca42ef4a65c30ecef1da9c059bf6ea7d74ce86e8b5267b7d9bd
SSDEEP: 768:KvZghV5VXPKzxF+dt+XKvJ+rvajQmIDUu0ti84j:tfqciYQVkEj
Behavioral task: behavioral1
Sample: 1db41e3285f0819f9f614052a76500038e9ec2433550c240aeceb2787b235808.exe
Resource: win7-20240903-en
Behavioral task: behavioral2
Sample: 1db41e3285f0819f9f614052a76500038e9ec2433550c240aeceb2787b235808.exe
Resource: win10v2004-20240802-en
Malware Config
Extracted
njrat
0.7d
MyBot
127.0.0.1:8080
9e549438c56317b24cd87c987b694da8
reg_key: 9e549438c56317b24cd87c987b694da8
splitter: Y262SUCZ4UJJ
Targets
Modifies Windows Firewall
Checks computer location settings: Looks up country code configured in the registry, likely geofence.
Executes dropped EXE
Loads dropped DLL
MITRE ATT&CK Enterprise v15
Persistence
Create or Modify System Process: 1
Windows Service: 1
Event Triggered Execution: 1
Netsh Helper DLL: 1
Privilege Escalation
Create or Modify System Process: 1
Windows Service: 1
Event Triggered Execution: 1
Netsh Helper DLL: 1