General

  • Target

    BootstrapperV1.26.exe

  • Size

    863KB

  • Sample

    241005-swt6pawcjj

  • MD5

    cc3f2a1f63f68e4014bc3b8a0d3ddf7c

  • SHA1

    82eb314b035f073332a7a4a9a10449513ccc1d03

  • SHA256

    43182b7bf6f7d1c9e18f1c3f9dd916986d6adb81928ee0b2e57d6572d22bca4a

  • SHA512

    6f6839fb986475b0b8d95132a5588c9d0f956e8b9cc1d894fc755cc8d365a11daba321a05aac1db295586a4d3a2b290c7ea80446948c57c4af0d33f21dd5f2da

  • SSDEEP

    12288:TATougEx9nCvJ4f05oOGoGH/j0MNVcfzJXcBPXBNr8L5h:k0NY9CvzoVoGH/j0ucrJXOu

Malware Config

Extracted

Family

njrat

Version

<- NjRAT 0.7d Horror Edition ->

Botnet

31

C2

txx8luo.localto.net:3989

Mutex

0f4f57f0b5499edfd1915b0e98cfe851

Attributes
  • reg_key

    0f4f57f0b5499edfd1915b0e98cfe851

  • splitter

    Y262SUCZ4UJJ

Targets

    • Target

      BootstrapperV1.26.exe

    • Size

      863KB

    • MD5

      cc3f2a1f63f68e4014bc3b8a0d3ddf7c

    • SHA1

      82eb314b035f073332a7a4a9a10449513ccc1d03

    • SHA256

      43182b7bf6f7d1c9e18f1c3f9dd916986d6adb81928ee0b2e57d6572d22bca4a

    • SHA512

      6f6839fb986475b0b8d95132a5588c9d0f956e8b9cc1d894fc755cc8d365a11daba321a05aac1db295586a4d3a2b290c7ea80446948c57c4af0d33f21dd5f2da

    • SSDEEP

      12288:TATougEx9nCvJ4f05oOGoGH/j0MNVcfzJXcBPXBNr8L5h:k0NY9CvzoVoGH/j0ucrJXOu

    • njRAT/Bladabindi

      Widely used RAT written in .NET.

    • Downloads MZ/PE file

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Drops startup file

    • Executes dropped EXE

    • Loads dropped DLL

    • Unexpected DNS network traffic destination

      Network traffic to other servers than the configured DNS servers was detected on the DNS port.

    • Adds Run key to start application

    • Blocklisted process makes network request

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Legitimate hosting services abused for malware hosting/C2

MITRE ATT&CK Enterprise v15

Tasks

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.