General

  • Target

    abe7301bf2f32f652c0317068168387a2828f27d1c755e2fda2336c0208c7477N

  • Size

    1.3MB

  • Sample

    241004-3k4k4aserl

  • MD5

    0d0e5d826209927eb07f4e393eff6f90

  • SHA1

    0cc3c1a211c87f4b13aea8a53b043dcdc0a375d9

  • SHA256

    abe7301bf2f32f652c0317068168387a2828f27d1c755e2fda2336c0208c7477

  • SHA512

    7750dfff7fe5138c8850e2141cd1e7b7c44b95a7693c82056bdf9372bea7033ce93b4ec558533afdefb63d99885822f2c9dda4e18cfc7fa3ee266c9663fdd0f3

  • SSDEEP

    24576:L8EX1B+OLhKrDdPGrevewoRpaK8ui+8qG7Edy3+0:9Brm685j3+0

Malware Config

Extracted

Family

njrat

Version

0.6.4

Botnet

vnhax

C2

fr3onm9r.ddns.net:5566

Mutex

dae31c02cb06222e776b9ccb9207edb1

Attributes

  • reg_key

    dae31c02cb06222e776b9ccb9207edb1

  • splitter

    |'|'|

Targets

    • Target

      abe7301bf2f32f652c0317068168387a2828f27d1c755e2fda2336c0208c7477N

    • Size

      1.3MB

    • MD5

      0d0e5d826209927eb07f4e393eff6f90

    • SHA1

      0cc3c1a211c87f4b13aea8a53b043dcdc0a375d9

    • SHA256

      abe7301bf2f32f652c0317068168387a2828f27d1c755e2fda2336c0208c7477

    • SHA512

      7750dfff7fe5138c8850e2141cd1e7b7c44b95a7693c82056bdf9372bea7033ce93b4ec558533afdefb63d99885822f2c9dda4e18cfc7fa3ee266c9663fdd0f3

    • SSDEEP

      24576:L8EX1B+OLhKrDdPGrevewoRpaK8ui+8qG7Edy3+0:9Brm685j3+0

    • ModiLoader, DBatLoader

      ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.

    • njRAT/Bladabindi

      Widely used RAT written in .NET.

    • ModiLoader Second Stage

    • Downloads MZ/PE file

    • Modifies Windows Firewall

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Drops startup file

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks
