General

  • Target

    2792-29-0x00000000002A0000-0x0000000000B6A000-memory.dmp

  • Size

    8.8MB

  • Sample

    241007-k91xdsxerk

  • MD5

    dc12c3ed6545883e412fd53aee9f9bc8

  • SHA1

    745727e55ea35ef91fdae244f1d09f146309090c

  • SHA256

    590383f4bc81eb472544475d3f93b43967d12d499a1bc46e031d7cd5001d348c

  • SHA512

    eef34bca2e27e0e1ea61c12d82a85407a852b7ef236c4d6a91ec2e85a9be4a85219363759dbb2db23744c7772b9ccd0209977621a681f1345fa5754bfe30be4c

  • SSDEEP

    196608:Ryz6ERB80Yd/m9r8IstNEcOq+OM2OYje:RI6ERBud/m9rmDOezj

Malware Config

Extracted

Family

njrat

Version

v4.0

Botnet

HacKed

C2

still-obviously.gl.at.ply.gg:46857

Mutex

Windows

Attributes
  • reg_key

    Windows

  • splitter

    |-F-|
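The "Extracted" config above is what a sandbox pulls out of the memory dump; the same strings can be recovered by hand from the dump because njRAT is a .NET binary and stores its literals (splitter, C2 host, port, botnet and registry key name) as UTF-16LE in the assembly's user-string heap. The script below is an added example for this report, not code from the sandbox or from the sample: it sweeps a blob for UTF-16LE and ASCII strings and picks out values shaped like the njRAT config fields. The dump it runs on is constructed to stand in for the real 8.8 MB file, and the decoy strings in it are invented.

```python
"""Sweep a memory dump for njRAT configuration strings.

Added example for this report, not code from the sandbox or the sample.
njRAT is a .NET binary, so its string literals sit in the assembly's user
string heap as UTF-16LE; a dump of the unpacked process (the target of
this report) exposes the splitter, C2 host and port as plain UTF-16LE
strings. SAMPLE_DUMP below is constructed to stand in for that file.
"""
import re
from typing import Dict, Iterator, List, Optional

SPLITTER = "|-F-|"  # splitter from the extracted config above
HOST_RE = re.compile(r"^(?:[a-z0-9-]+\.)+[a-z]{2,}$", re.I)
PORT_RE = re.compile(r"^\d{2,5}$")
# File-name suffixes that satisfy HOST_RE but are not hostnames.
NOT_HOST_SUFFIXES = (".dll", ".exe", ".pdb", ".resources")


def utf16le_strings(blob: bytes, min_len: int = 4) -> Iterator[str]:
    """Yield runs of printable ASCII stored as UTF-16LE (char, NUL pairs)."""
    pattern = rb"(?:[\x20-\x7e]\x00){%d,}" % min_len
    for m in re.finditer(pattern, blob):
        yield m.group().decode("utf-16-le")


def ascii_strings(blob: bytes, min_len: int = 4) -> Iterator[str]:
    """Yield runs of printable ASCII, as strings(1) would."""
    for m in re.finditer(rb"[\x20-\x7e]{%d,}" % min_len, blob):
        yield m.group().decode("ascii")


def find_config_candidates(blob: bytes) -> Dict[str, List[str]]:
    """Bucket recovered strings into splitter / host / port candidates."""
    hits: Dict[str, List[str]] = {"splitter": [], "hosts": [], "ports": []}
    # UTF-16LE first: that is where a .NET binary keeps its own literals.
    for s in list(utf16le_strings(blob)) + list(ascii_strings(blob)):
        if SPLITTER in s:
            hits["splitter"].append(s)
        elif HOST_RE.match(s) and not s.lower().endswith(NOT_HOST_SUFFIXES):
            hits["hosts"].append(s)
        elif PORT_RE.match(s) and 1 <= int(s) <= 65535:
            hits["ports"].append(s)
    return hits


def guess_c2(hits: Dict[str, List[str]]) -> Optional[str]:
    """First host and first port seen, in the order the sweep found them."""
    if hits["hosts"] and hits["ports"]:
        return f"{hits['hosts'][0]}:{hits['ports'][0]}"
    return None


# Filler of bytes >= 0x80: never printable ASCII, never a UTF-16LE pair.
_PAD = bytes(range(0x80, 0x100)) * 4


def _u16(s: str) -> bytes:
    return s.encode("utf-16-le")


# Constructed stand-in for the dump: the config literals from this page
# stored as a .NET binary would store them, plus invented decoys.
SAMPLE_DUMP = (
    _PAD + _u16("Windows") + _PAD + _u16("HacKed") + _PAD + _u16(SPLITTER)
    + _PAD + _u16("still-obviously.gl.at.ply.gg") + _PAD + _u16("46857")
    + _PAD + b"kernel32.dll" + _PAD + b"GetProcAddress" + _PAD + b"1234"
    + _PAD + _u16("v4.0") + _PAD
)


if __name__ == "__main__":
    found = find_config_candidates(SAMPLE_DUMP)
    print(found)
    print("C2 guess:", guess_c2(found))
```

On a real dump, run find_config_candidates over the whole file read in binary mode; the port bucket will collect every short digit string in the image, so treat guess_c2 as a lead to confirm against the extracted config or the sandbox's network log, not as a result in itself.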

Targets

    • Target

      2792-29-0x00000000002A0000-0x0000000000B6A000-memory.dmp

    • Size

      8.8MB

    • MD5

      dc12c3ed6545883e412fd53aee9f9bc8

    • SHA1

      745727e55ea35ef91fdae244f1d09f146309090c

    • SHA256

      590383f4bc81eb472544475d3f93b43967d12d499a1bc46e031d7cd5001d348c

    • SHA512

      eef34bca2e27e0e1ea61c12d82a85407a852b7ef236c4d6a91ec2e85a9be4a85219363759dbb2db23744c7772b9ccd0209977621a681f1345fa5754bfe30be4c

    • SSDEEP

      196608:Ryz6ERB80Yd/m9r8IstNEcOq+OM2OYje:RI6ERBud/m9rmDOezj

    • njRAT/Bladabindi

      Widely used RAT written in .NET.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Drops startup file

    • Executes dropped EXE

    • Themida packer

      Detects Themida, an advanced Windows software protection system.

    • Adds Run key to start application
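The C2 and splitter values in the extracted config are enough to write a network-side check for this family. The script below is an added example for this report, not code from the sandbox, the sample, or njRAT: it parses the length-prefixed framing njRAT uses on its TCP channel, splits each frame on the configured splitter, and flags the "ll" registration beacon that carries the botnet name ("HacKed") prefixed to the victim id. The frame layout and the "ll" command follow public analyses of njRAT 0.7d; that the v4.0 build in this report keeps the same layout is an assumption, and the session bytes are constructed, not captured from the sample.

```python
"""Parse njRAT C2 framing and flag registration beacons.

Added example for this report; it is not code from the sandbox, the
sample, or njRAT. Frame layout ("<decimal length>\\x00<payload>", fields
joined by the configured splitter) and the "ll" registration command
follow public analyses of njRAT 0.7d; that the v4.0 build here keeps the
same layout is an assumption. All traffic below is constructed.
"""
from dataclasses import dataclass
from typing import Dict, List

# Values from the extracted config on this page.
SPLITTER = b"|-F-|"
BOTNET = "HacKed"
C2 = "still-obviously.gl.at.ply.gg:46857"


@dataclass
class Frame:
    command: str
    fields: List[str]


def build_frame(command: str, *fields: str, splitter: bytes = SPLITTER) -> bytes:
    """Encode one frame the way the client would send it (constructed)."""
    payload = splitter.join(s.encode("utf-8") for s in (command, *fields))
    return str(len(payload)).encode("ascii") + b"\x00" + payload


def parse_frames(stream: bytes, splitter: bytes = SPLITTER) -> List[Frame]:
    """Split a raw TCP stream into frames; stop at an incomplete tail."""
    frames: List[Frame] = []
    pos = 0
    while pos < len(stream):
        nul = stream.find(b"\x00", pos)
        if nul == -1:
            break
        length_text = stream[pos:nul]
        if not length_text.isdigit():
            raise ValueError(f"bad length prefix at offset {pos}")
        start, end = nul + 1, nul + 1 + int(length_text)
        if end > len(stream):
            break  # partial frame: wait for the rest of the segment
        parts = stream[start:end].split(splitter)
        frames.append(Frame(parts[0].decode("utf-8", "replace"),
                            [p.decode("utf-8", "replace") for p in parts[1:]]))
        pos = end
    return frames


def is_registration(frame: Frame, botnet: str = BOTNET) -> bool:
    """An "ll" beacon whose first field is "<botnet>_<victim id>"."""
    return (frame.command == "ll" and bool(frame.fields)
            and frame.fields[0].startswith(botnet + "_"))


# Constructed session: a registration beacon, an active-window report,
# and a frame cut off by TCP segmentation (length says 12, 10 bytes present).
SAMPLE_STREAM = (
    build_frame("ll", f"{BOTNET}_3A1B2C3D", "DESKTOP-TEST", "user",
                "24-10-07", "No", "Win 10 Pro", "", "", "", "v4.0")
    + build_frame("act", "Untitled - Notepad")
    + b"12\x00ll|-F-|Hac"
)


def triage(stream: bytes = SAMPLE_STREAM) -> Dict[str, object]:
    """Summarise a stream: complete frames, registrations, victim ids."""
    frames = parse_frames(stream)
    regs = [f for f in frames if is_registration(f)]
    return {"frames": len(frames), "registrations": len(regs),
            "victim_ids": [f.fields[0] for f in regs], "c2": C2}


if __name__ == "__main__":
    print(triage())
```

The parser deliberately stops at a partial frame instead of raising, because a detector fed from a packet capture will regularly see a frame split across segments; feed it the reassembled stream for the flow to the C2 host and port from the config, and a matching "ll" frame is the registration event worth alerting on.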

MITRE ATT&CK Enterprise v15

Tasks
