General

  • Target

    c23e5c3cd0787708772eeb611bcf95e0fcabeacc1a276e2fdf4a95ced33a7de4N

  • Size

    23KB

  • Sample

    240928-vrm8paxapq

  • MD5

    877b6a6f72faa6b0116aca386eda31c0

  • SHA1

    7662c9661b815724aa24524dad25cd830c6a3f46

  • SHA256

    c23e5c3cd0787708772eeb611bcf95e0fcabeacc1a276e2fdf4a95ced33a7de4

  • SHA512

    57665b6d27d6ec0f37f54c0a1035d8b2b43bb5b96bcb362f5cfc5381c001a35bdc5f613d004b15ad23148758dc9bff1da93114b1f210694ab930a32c0f476435

  • SSDEEP

    384:08aLWS0dABLYVq6RxP8MDFF09vK563gRMmJKUv0mRvR6JZlbw8hqIusZzZpD:TXcwt3tRpcnua

Malware Config

Extracted

Family

njrat

Version

0.7d

Botnet

HacKed

C2

127.0.0.1:1978

Mutex

33f9e1d6fefce618b71a50ca08e3da67

Attributes
  • reg_key

    33f9e1d6fefce618b71a50ca08e3da67

  • splitter

    |'|'|

Targets

    • Target

      c23e5c3cd0787708772eeb611bcf95e0fcabeacc1a276e2fdf4a95ced33a7de4N

    • njRAT/Bladabindi

      Widely used RAT written in .NET.

    • Modifies Windows Firewall

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks
