General

  • Target

    6f473d9e7115a0555505eea67dc49226229e24c4ff874d5f7f5e82f7647d785aN

  • Size

    93KB

  • Sample

    241017-ydn5lsseld

  • MD5

    4638a4d3255b6fa95b8cca9ada4746f0

  • SHA1

    45e155e6af5ffc94aaeefa3b5e689da936e125a6

  • SHA256

    6f473d9e7115a0555505eea67dc49226229e24c4ff874d5f7f5e82f7647d785a

  • SHA512

    1fcd84fdec97db5c6b5a9f35ea694ea29452fa8991852099bcd5414f3148a2248a98a07561b4449add087d0d1cf8995e3b751999ea7a485bdcb6d37bbb57ed5f

  • SSDEEP

    768:3Y3cCnD9O/pBcxYsbae6GIXb9pDX2t98PL0OXLeuXxrjEtCdnl2pi1Rz4Rk33sGt:BCxOx6baIa9RZj00ljEwzGi1dDjDhgS

Malware Config

Extracted

  • Family

    njrat

  • Version

    0.7d

  • Botnet

    HacKed

  • C2

    hakim32.ddns.net:2000

    127.0.0.1:7183

  • Mutex

    058a6375393cb12414731e355531b4a5

Attributes
  • reg_key

    058a6375393cb12414731e355531b4a5

  • splitter

    |'|'|

Targets

    • njRAT/Bladabindi

      Widely used RAT written in .NET.

    • Modifies Windows Firewall

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Drops startup file

    • Executes dropped EXE

    • Loads dropped DLL
