General

  • Target

    ce85d8a497b743f360c7d84d0104b2fa859da583acec0f168560144084ac3036

  • Size

    919KB

  • Sample

    241017-bzjqpaycqq

  • MD5

    50869953a5371852ab8938a81a11a257

  • SHA1

    69d8d1d5d655c83ee0e2596318d34c7541c313b0

  • SHA256

    ce85d8a497b743f360c7d84d0104b2fa859da583acec0f168560144084ac3036

  • SHA512

    bcebfd28d5be0fde675cddc04ec5af953e89a85dd1cc46cffec5bf601d574a0080b8414ade14195208f87f9dfba11d1d0fe5cf0faa2ed9eb4210012384ba8ba5

  • SSDEEP

    24576:RAHnh+eWsN3skA4RV1Hom2KXMmHapLUsQ5h:oh+ZkldoPK8Yap6h

Malware Config

Extracted

  • Family

    njrat

  • Version

    0.7d

  • Botnet

    fourth#4

  • C2

    soft98.linkpc.net:5550

  • Mutex

    10e93180d6481ad63a77c2b255d40864

Attributes

  • reg_key

    10e93180d6481ad63a77c2b255d40864

  • splitter

    |'|'|

Targets

    • njRAT/Bladabindi

      Widely used RAT written in .NET.

    • Modifies Windows Firewall

    • Drops startup file

    • Suspicious use of SetThreadContext
