General

  • Target

    e5349590a184d5e37383f7c4b840183114544a006d4bb183a7787eb577bb7498

  • Size

    30KB

  • Sample

    241014-fsb5gszbpg

  • MD5

    643281d625ce388612c2f1cb5c56f5ef

  • SHA1

    45e0244dac1d51122531d8d8dd0c08178de1fc60

  • SHA256

    e5349590a184d5e37383f7c4b840183114544a006d4bb183a7787eb577bb7498

  • SHA512

    6ced1b26facef98598420db3e3ace18328c2de598a73529d25785d1bd73b478fbcf2e5ea5dc38b5e7878679b885a33dee3aab0b497743e3acd524d4458ba1864

  • SSDEEP

    768:rRbSjG1XB9Qzxry1nIP/obxvCTQmIDUu0tizAFgj:4m6ixsQVkvij

Malware Config

Extracted

Family

njrat

Version

0.7d

Botnet

OnShop

C2

127.0.0.1:5555

Mutex

43bd4b5503915c411b0354ec69673c15

Attributes

  • reg_key

    43bd4b5503915c411b0354ec69673c15

  • splitter

    Y262SUCZ4UJJ

Targets

    • njRAT/Bladabindi

      Widely used RAT written in .NET.

    • Modifies Windows Firewall

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL
