General

  • Target

    dllhost.exe

  • Size

    37KB

  • Sample

    241012-drvt4azera

  • MD5

    0a64b72aff3b45b06dfee336414cf9ed

  • SHA1

    5bc91466f6a8952dee430c976c206e5bf73890b7

  • SHA256

    0b9081f030f73e047a09db602103c671753716f992163a47d6028f5aafc6e9c6

  • SHA512

    d8a3435665ff21993332cf1f736abbc260539451e3e66e2b7c3b225431e99d1a774468f4b80e4a220ca19378ddc67a2913d45dddf5eba6f8027e9d6419fc51d7

  • SSDEEP

    768:CXrtsKADtOHiR4akrYBQWllykrM+rMRa8NuW4t:CXr8tVSkBQWlEH+gRJNJ

Malware Config

Extracted

Family

njrat

Version

im523

Botnet

HacKed

C2

away-displays.gl.at.ply.gg:26916

Mutex

88fa44db6102d86fb65123033d323f7e

Attributes
  • reg_key

    88fa44db6102d86fb65123033d323f7e

  • splitter

    |'|'|

Targets

    • Target

      dllhost.exe

    • Size

      37KB

    • MD5

      0a64b72aff3b45b06dfee336414cf9ed

    • SHA1

      5bc91466f6a8952dee430c976c206e5bf73890b7

    • SHA256

      0b9081f030f73e047a09db602103c671753716f992163a47d6028f5aafc6e9c6

    • SHA512

      d8a3435665ff21993332cf1f736abbc260539451e3e66e2b7c3b225431e99d1a774468f4b80e4a220ca19378ddc67a2913d45dddf5eba6f8027e9d6419fc51d7

    • SSDEEP

      768:CXrtsKADtOHiR4akrYBQWllykrM+rMRa8NuW4t:CXr8tVSkBQWlEH+gRJNJ

    • njRAT/Bladabindi

      Widely used RAT written in .NET.

    • Modifies Windows Firewall

    • Executes dropped EXE

MITRE ATT&CK Enterprise v15

Tasks