General

  • Target

    Server.exe

  • Size

    37KB

  • Sample

    240928-t2fe6avgqp

  • MD5

    1017e5b6de8a0c5b1dba9df5e897cd61

  • SHA1

    562ca58caaa643bd5de025a8f776f0ae02befc1c

  • SHA256

    94835feda11875acad5156be4e5415324de8d5565c0655a5a8466cc89bd62914

  • SHA512

    1b351487495d646b14b22ccf965c608e8faa7ee1c56394b717ed31c137f90d6fc748e9494cb32ed6ae88d6e6784d320fbebde2db1ae5e7ad10757bdd84f31275

  • SSDEEP

    384:Hv5Zjj6icFri5Z7JAyk/G4OvhRZea6FwrAF+rMRTyN/0L+EcoinblneHQM3epzXP:P5LHJ7k/G4ObZr6GrM+rMRa8Nu6g9vt

Malware Config

Extracted

Family

njrat

Version

im523

Botnet

ضحايا Repo

C2

147.185.221.21:49795

Mutex

f291972a40b718fa583ad65b4ccb4602

Attributes

  • reg_key

    f291972a40b718fa583ad65b4ccb4602

  • splitter

    |'|'|

Targets

    • Target

      Server.exe

    • njRAT/Bladabindi

      Widely used RAT written in .NET.

    • Modifies Windows Firewall

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Drops startup file

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Drops autorun.inf file

      Malware can abuse Windows Autorun to spread further via attached volumes.
