General

  • Target

    82bbe6a6bbcf41a61cc5bd3ba07db955052340f011fa7ccdebf3c140fa898c75N

  • Size

    23KB

  • Sample

    241103-mze82svpbk

  • MD5

    5a688757f3c2e5d138fa34068364eba0

  • SHA1

    456da64eec54bb6af96ed6622465a971f297691e

  • SHA256

    82bbe6a6bbcf41a61cc5bd3ba07db955052340f011fa7ccdebf3c140fa898c75

  • SHA512

    cf1e6d7002d775360fd6facc02a6a9bbd67b56725fdbd320b244957be6038847cde90471674e15591e8255e38fc1cad2e4aae1d2469a64423724bb29fd040a55

  • SSDEEP

    384:ZoWtkEwn65rgjAsGipk55D16xgXakhbZD0mRvR6JZlbw8hqIusZzZIc:u7O89p2rRpcnui

Malware Config

Extracted

Family

njrat

Version

0.7d

Botnet

HacKed

C2

10.10.1.11:5552

Mutex

7657c14284185fbd3fb108b43c7467ba

Attributes
  • reg_key

    7657c14284185fbd3fb108b43c7467ba

  • splitter

    |'|'|

Targets

    • Target

      82bbe6a6bbcf41a61cc5bd3ba07db955052340f011fa7ccdebf3c140fa898c75N

    • Size

      23KB

    • MD5

      5a688757f3c2e5d138fa34068364eba0

    • SHA1

      456da64eec54bb6af96ed6622465a971f297691e

    • SHA256

      82bbe6a6bbcf41a61cc5bd3ba07db955052340f011fa7ccdebf3c140fa898c75

    • SHA512

      cf1e6d7002d775360fd6facc02a6a9bbd67b56725fdbd320b244957be6038847cde90471674e15591e8255e38fc1cad2e4aae1d2469a64423724bb29fd040a55

    • SSDEEP

      384:ZoWtkEwn65rgjAsGipk55D16xgXakhbZD0mRvR6JZlbw8hqIusZzZIc:u7O89p2rRpcnui

    • Njrat family

    • njRAT/Bladabindi

      Widely used RAT written in .NET.

    • Modifies Windows Firewall

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks