General
-
Target
49e686db686ea8dc3e3eebd8b35e461f062684de3ca06fc3d8b4664b3f175f62
-
Size
37KB
-
Sample
241005-zv2byaxekb
-
MD5
1bcf67c1f8bc98427e91ef1f55b08543
-
SHA1
5027465199412f584324cdd9b7cfe2cc72a356cd
-
SHA256
49e686db686ea8dc3e3eebd8b35e461f062684de3ca06fc3d8b4664b3f175f62
-
SHA512
15048ea869527dc6cafc04f18edc4c77d8e3d160525386db3ff70a3810e61c4822d39e6e505cd6264789acfa9f7bf705b389f7a56833fc0844f8a19b722bf5c8
-
SSDEEP
384:tLGQqQilwhHeTnMGiyMTl03HOj3YTrrAF+rMRTyN/0L+EcoinblneHQM3epzXPNp:7rSMGxMTl0ejY/rM+rMRa8Nu15t
Malware Config
Extracted
njrat
im523
AB
gman123.duckdns.org:5552
a7dbbfe19f5aa2c19ff5ee9aac621d3e
-
reg_key
a7dbbfe19f5aa2c19ff5ee9aac621d3e
-
splitter
|'|'|
Targets
-
-
Target
49e686db686ea8dc3e3eebd8b35e461f062684de3ca06fc3d8b4664b3f175f62
-
Size
37KB
-
MD5
1bcf67c1f8bc98427e91ef1f55b08543
-
SHA1
5027465199412f584324cdd9b7cfe2cc72a356cd
-
SHA256
49e686db686ea8dc3e3eebd8b35e461f062684de3ca06fc3d8b4664b3f175f62
-
SHA512
15048ea869527dc6cafc04f18edc4c77d8e3d160525386db3ff70a3810e61c4822d39e6e505cd6264789acfa9f7bf705b389f7a56833fc0844f8a19b722bf5c8
-
SSDEEP
384:tLGQqQilwhHeTnMGiyMTl03HOj3YTrrAF+rMRTyN/0L+EcoinblneHQM3epzXPNp:7rSMGxMTl0ejY/rM+rMRa8Nu15t
Score10/10-
njRAT/Bladabindi
Widely used RAT written in .NET.
-
Modifies Windows Firewall
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Executes dropped EXE
-
Loads dropped DLL
-
MITRE ATT&CK Enterprise v15
Persistence
Create or Modify System Process
1Windows Service
1Event Triggered Execution
1Netsh Helper DLL
1Privilege Escalation
Create or Modify System Process
1Windows Service
1Event Triggered Execution
1Netsh Helper DLL
1