General

  • Target

    3da195f8e501a09d53237e696d709622b284238eac6ba610573f0a0f0097de16N

  • Size

    95KB

  • Sample

    241021-aqxqhsyfng

  • MD5

    dfefe9c586e09c7dbc2a49e4fc5e0a10

  • SHA1

    e328f488933b8f5e14b6c2805a20705956fd80ce

  • SHA256

    3da195f8e501a09d53237e696d709622b284238eac6ba610573f0a0f0097de16

  • SHA512

    ec08cff65f65ceee0d5b17592fa7e6fb3dabc104b39be53f45dee4811854eeeed2d9e07ecd666b05ca1cccdaa2f36f8e42426103398a2590ee86f7907bbf257c

  • SSDEEP

    1536:EiitgtfFC6CQwkSD2cIDpxxHQbaXq6jwi4kkx49hQmvz:Eiitg3/CQwNnExxH2MvjwitZz

Malware Config

Extracted

Family

njrat

Version

0.7d

Botnet

HacKed

C2

emad1987.myq-see.com:3973

Mutex

45199fb7bada9d81f231ad9d1d9c9673

Attributes
  • reg_key

    45199fb7bada9d81f231ad9d1d9c9673

  • splitter

    |'|'|

Targets

    • njRAT/Bladabindi

      Widely used RAT written in .NET.

    • Modifies Windows Firewall

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application
