General

  • Target

    d2ef2dc4e906d9f9701f233fd85624d4d4ede7e5aac364cb5dd4a6659dc2da2bN

  • Size

    5.2MB

  • Sample

    241013-smsw9sshlc

  • MD5

    b36ef0f4c7880832bb03508c6421efe0

  • SHA1

    71d4534d1edf6a74369bb8abdbccd254255d5391

  • SHA256

    d2ef2dc4e906d9f9701f233fd85624d4d4ede7e5aac364cb5dd4a6659dc2da2b

  • SHA512

    c7dee9a9d2b51be81008182caa1f2f70f23b5c1ed4c815e44d6616bf58b44a5374699c650ac4711ffdd89a00bb766a5c3ddb1a464c74913bc504cb883f3a979d

  • SSDEEP

    98304:JjhbDRAMazoYl0nxkUki2O/loAxf0Rd1izDicr2HTW5IpH0BzY:JjxDRAMoo20nxkUki2Eljx0RdM6cr2z3

Malware Config

Extracted

Family

njrat

Version

<- NjRAT 0.7d Horror Edition ->

Botnet

Victim

C2

f2hd.ddns.net:1177

Mutex

246b94c19bcd8b952f3ab6574fa052da

Attributes

  • reg_key

    246b94c19bcd8b952f3ab6574fa052da

  • splitter

    Y262SUCZ4UJJ

Targets

    • njRAT/Bladabindi

      Widely used RAT written in .NET.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Executes dropped EXE

    • Loads dropped DLL

MITRE ATT&CK Enterprise v15

Tasks