General
-
Target
72f75f004779cc74a7e0a65003291fd2b6cb5cdd281e84770590c7332ba8ebf0N
-
Size
23KB
-
Sample
241018-2z8mxstalh
-
MD5
e5aa4c945fe4d8cbdbad1fb9d92797f0
-
SHA1
60e96f9fac150208f8572dbff2ca9bac8badda24
-
SHA256
72f75f004779cc74a7e0a65003291fd2b6cb5cdd281e84770590c7332ba8ebf0
-
SHA512
458ce846fe2762015f4446a3c5da251210ff342cfe5f98ad025672e95f3bd8c5554cba9718388eb3e156f0d81def9901f03c55573d5bf47ab9d5c4c6a8b25465
-
SSDEEP
384:OsqS+ER6vRKXGYKRWVSujUtX9w6Vglo61Z5DVmRvR6JZlbw8hqIusZzZ2rhy:Zf65K2Yf1jMRpcnu3o
Malware Config
Extracted
njrat
0.7d
HacKed
192.168.179.140:5552
82cdaf622e8d1a0dc8d010baf1364143
-
reg_key
82cdaf622e8d1a0dc8d010baf1364143
-
splitter
|'|'|
Targets
-
-
Target
72f75f004779cc74a7e0a65003291fd2b6cb5cdd281e84770590c7332ba8ebf0N
-
Size
23KB
-
MD5
e5aa4c945fe4d8cbdbad1fb9d92797f0
-
SHA1
60e96f9fac150208f8572dbff2ca9bac8badda24
-
SHA256
72f75f004779cc74a7e0a65003291fd2b6cb5cdd281e84770590c7332ba8ebf0
-
SHA512
458ce846fe2762015f4446a3c5da251210ff342cfe5f98ad025672e95f3bd8c5554cba9718388eb3e156f0d81def9901f03c55573d5bf47ab9d5c4c6a8b25465
-
SSDEEP
384:OsqS+ER6vRKXGYKRWVSujUtX9w6Vglo61Z5DVmRvR6JZlbw8hqIusZzZ2rhy:Zf65K2Yf1jMRpcnu3o
Score10/10-
njRAT/Bladabindi
Widely used RAT written in .NET.
-
Modifies Windows Firewall
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Create or Modify System Process
1Windows Service
1Event Triggered Execution
1Netsh Helper DLL
1Privilege Escalation
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Create or Modify System Process
1Windows Service
1Event Triggered Execution
1Netsh Helper DLL
1Defense Evasion
Impair Defenses
1Disable or Modify System Firewall
1Modify Registry
1