General

  • Target

    7e751b21199fedb533f384c6293bc09d9fb189a2fdfa45b7e6e93868fbd8f891

  • Size

    8.7MB

  • Sample

    241008-31227svfrf

  • MD5

    7ad05b7882ee3609577e965c3568bcc8

  • SHA1

    752ba491b6813b2a069c200992c1b3bb796aa0ce

  • SHA256

    7e751b21199fedb533f384c6293bc09d9fb189a2fdfa45b7e6e93868fbd8f891

  • SHA512

    a235a0963b7bf1a2df1a1c3741dd9ef45f4807d7bacf9ff818fd0667d268975c651767025b4899dd9dc20df9c2fb7b47213f58e32df16754364bd5ba529d708d

  • SSDEEP

    196608:hCbGPZmVfjsCbGPZmVfjiCbGPZmVfjsCbGPZmVfj2CbGPZmVfjsCbGPZmVfjiCbz:0GmVNGmVrGmVNGmVnGmVNGmVrGmVNGmn

Malware Config

Extracted

Family

njrat

Version

0.7d

Botnet

jjj

C2

youri.mooo.com:1605

Mutex

e936a10f968ac948cd351c9629dbd36d

Attributes
  • reg_key

    e936a10f968ac948cd351c9629dbd36d

  • splitter

    |'|'|

Targets

    • Target

      7e751b21199fedb533f384c6293bc09d9fb189a2fdfa45b7e6e93868fbd8f891

    • Size

      8.7MB

    • MD5

      7ad05b7882ee3609577e965c3568bcc8

    • SHA1

      752ba491b6813b2a069c200992c1b3bb796aa0ce

    • SHA256

      7e751b21199fedb533f384c6293bc09d9fb189a2fdfa45b7e6e93868fbd8f891

    • SHA512

      a235a0963b7bf1a2df1a1c3741dd9ef45f4807d7bacf9ff818fd0667d268975c651767025b4899dd9dc20df9c2fb7b47213f58e32df16754364bd5ba529d708d

    • SSDEEP

      196608:hCbGPZmVfjsCbGPZmVfjiCbGPZmVfjsCbGPZmVfj2CbGPZmVfjsCbGPZmVfjiCbz:0GmVNGmVrGmVNGmVnGmVNGmVrGmVNGmn

    • njRAT/Bladabindi

      Widely used RAT written in .NET.

    • Modifies Windows Firewall

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • AutoIT Executable

      AutoIT scripts compiled to PE executables.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks