General

  • Target

    e80d3d175e0a8a9dbaf216c5ff350ec02d4c514f533dc22c4d7276bc87145772

  • Size

    23KB

  • Sample

    241011-eymmqszgnr

  • MD5

    c0a157cfb82241dd74a75354c4c05095

  • SHA1

    8b9276cc5c7736543ea9226de779cba7ae317af7

  • SHA256

    e80d3d175e0a8a9dbaf216c5ff350ec02d4c514f533dc22c4d7276bc87145772

  • SHA512

    c59737efb4b685b7441ea20b9f76901111dcac7dd753d86afed0658d97ada14de198f1c9f2e22e9b79b6fde9fb9548b4ba21320bd2ddaeac69d46dfa0b93c325

  • SSDEEP

    384:iQ+ILgIbOprgPsUOSU0kB1kd6dg7GYh/JomRvR6JZlbw8hqIusZzZHh:9LL6MVU0NRpcnuK

Malware Config

Extracted

Family

njrat

Version

0.7d

Botnet

HacKed

C2

10.10.1.11:5552

Mutex

59da4ba4e355635c767b06d85318b684

Attributes
  • reg_key

    59da4ba4e355635c767b06d85318b684

  • splitter

    |'|'|

Targets

    • Target

      e80d3d175e0a8a9dbaf216c5ff350ec02d4c514f533dc22c4d7276bc87145772

    • njRAT/Bladabindi

      Widely used RAT written in .NET.

    • Modifies Windows Firewall

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application
