General
-
Target
4b421db93299565c4a136f1219339f3c7c3e19a8bd215c911a98066715ac3fd3N
-
Size
23KB
-
Sample
241002-wrcbvszcnn
-
MD5
d3c4e56ec73b0276ca00a93aa39464f0
-
SHA1
06b8581db422422554a2c5a0356ebb3fa7860c65
-
SHA256
4b421db93299565c4a136f1219339f3c7c3e19a8bd215c911a98066715ac3fd3
-
SHA512
39c9c05754c7588f4dbf8261bd1aec98bf7c7c46a80e22be842d458cbc3a5eacd25efc5e2ecdebc9835347cdfe64016b7174c9b03e38c81d45bd919c1f0973b3
-
SSDEEP
384:XcqbCK0l4h7o9SVyDGvENuh46/gJkOmMSW38mRvR6JZlbw8hqIusZzZmhz:s30py6vhxaRpcnulJ
Malware Config
Extracted
njrat
0.7d
s1
fahad26smsm.duckdns.org:1165
bb9e9fd0a962e09ebc4f64fb10159bf7
-
reg_key
bb9e9fd0a962e09ebc4f64fb10159bf7
-
splitter
|'|'|
Targets
-
-
Target
4b421db93299565c4a136f1219339f3c7c3e19a8bd215c911a98066715ac3fd3N
-
Size
23KB
-
MD5
d3c4e56ec73b0276ca00a93aa39464f0
-
SHA1
06b8581db422422554a2c5a0356ebb3fa7860c65
-
SHA256
4b421db93299565c4a136f1219339f3c7c3e19a8bd215c911a98066715ac3fd3
-
SHA512
39c9c05754c7588f4dbf8261bd1aec98bf7c7c46a80e22be842d458cbc3a5eacd25efc5e2ecdebc9835347cdfe64016b7174c9b03e38c81d45bd919c1f0973b3
-
SSDEEP
384:XcqbCK0l4h7o9SVyDGvENuh46/gJkOmMSW38mRvR6JZlbw8hqIusZzZmhz:s30py6vhxaRpcnulJ
Score10/10-
njRAT/Bladabindi
Widely used RAT written in .NET.
-
Modifies Windows Firewall
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Create or Modify System Process
1Windows Service
1Event Triggered Execution
1Netsh Helper DLL
1Privilege Escalation
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Create or Modify System Process
1Windows Service
1Event Triggered Execution
1Netsh Helper DLL
1Defense Evasion
Impair Defenses
1Disable or Modify System Firewall
1Modify Registry
1