General

  • Target

    e33afe60edad0f20552256c3c2235fcf059cf457fcf95736ff8718d03e2aef01N

  • Size

    23KB

  • Sample

    241030-vrvb1azjal

  • MD5

    13bdc57fb1fa092c7d27f6015047f590

  • SHA1

    a5804e3c8708c89c349841f60d19a0c47c6bfe38

  • SHA256

    e33afe60edad0f20552256c3c2235fcf059cf457fcf95736ff8718d03e2aef01

  • SHA512

    e104dcbee0e2789fa47e4966aa13f4b200ed202f1b0e1638176d0beb211f86e253cbc2b0c35618c65e21a865d8c90c3c687bfe6c1132af9c40004d85ce601b64

  • SSDEEP

    384:woWtkEwn65rgjAsGipk55D16xgXakhbZD0mRvR6JZlbw8hqIusZzZIp:/7O89p2rRpcnun

Malware Config

Extracted

  • Family

    njrat

  • Version

    0.7d

  • Botnet

    HacKed

  • C2

    10.10.1.11:5552

  • Mutex

    7657c14284185fbd3fb108b43c7467ba

Attributes
  • reg_key

    7657c14284185fbd3fb108b43c7467ba

  • splitter

    |'|'|

Targets

    • Njrat family

    • njRAT/Bladabindi

      Widely used RAT written in .NET.

    • Modifies Windows Firewall

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15
