General

  • Target

    c934e247117ffefe057ccd5068bc1f02c79b0fa614a4b2aaf7c5b6eb7641a84cN

  • Size

    509KB

  • Sample

    241012-cwa5tasckm

  • MD5

    7502c97e748f2d265147cdc850f7c040

  • SHA1

    171acf1dcc7c6ed33866d0695e1ee02280af60cf

  • SHA256

    c934e247117ffefe057ccd5068bc1f02c79b0fa614a4b2aaf7c5b6eb7641a84c

  • SHA512

    9257df499eaebbbaa33650c60f2c00b30d44c88a904b737801f4957bb2fbda6dc0335233dfffda514d50fe7acbf8faeda84934e1f6b5c7522fc40b2f0777477e

  • SSDEEP

    6144:OXikTvBw92cu4sf29+/Oz+5/Znvpk7k3XH9S9nwOBeNbOuMKzDtfh9ntNYKQRt1O:OSacu4su9sOW/ZvCM4wO8guFftNTQv

Malware Config

Extracted

  • Family

    njrat

  • Version

    0.7d

  • Botnet

    fw

  • C2

    127.0.0.1:5552

  • Mutex

    cbe31fad842d763414d5ed96bd474262

Attributes
  • reg_key

    cbe31fad842d763414d5ed96bd474262

  • splitter

    |'|'|

Targets

    • njRAT/Bladabindi

      Widely used RAT written in .NET.

    • Modifies Windows Firewall

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application
