General
-
Target
448242acea7a2d4ebc34568c320adb397ddc1379dbc87a51d9124a2fbe99b0f0exe.exe
-
Size
93KB
-
Sample
241104-w9nslsvhjp
-
MD5
d97b1bc0635e88c00cbc79317aa428bd
-
SHA1
60048ae1a6f382455cbf9c493f27976c58d310d9
-
SHA256
448242acea7a2d4ebc34568c320adb397ddc1379dbc87a51d9124a2fbe99b0f0
-
SHA512
e578be1907aaa25631ca9a955320af25d5512c1ddc17557dc6d39f8f63ca575f1811f45aa932985b39257c29d59823deabeb01337cdb46758cfa3badc8ab9ab8
-
SSDEEP
768:VY33ytjglPPMJI08+EyrERm9hX+DlwA461mXxrjEtCdnl2pi1Rz4Rk37sGdpfgS7:syJgdQ8+f4mXPA4tjEwzGi1dDnDfgS
Malware Config
Extracted
njrat
0.7d
HacKed
hakim32.ddns.net:2000
127.0.0.1:5552
cd4cbc9fb72b65e4b3796572077d8e39
-
reg_key
cd4cbc9fb72b65e4b3796572077d8e39
-
splitter
|'|'|
Targets
-
-
Target
448242acea7a2d4ebc34568c320adb397ddc1379dbc87a51d9124a2fbe99b0f0exe.exe
-
Size
93KB
-
MD5
d97b1bc0635e88c00cbc79317aa428bd
-
SHA1
60048ae1a6f382455cbf9c493f27976c58d310d9
-
SHA256
448242acea7a2d4ebc34568c320adb397ddc1379dbc87a51d9124a2fbe99b0f0
-
SHA512
e578be1907aaa25631ca9a955320af25d5512c1ddc17557dc6d39f8f63ca575f1811f45aa932985b39257c29d59823deabeb01337cdb46758cfa3badc8ab9ab8
-
SSDEEP
768:VY33ytjglPPMJI08+EyrERm9hX+DlwA461mXxrjEtCdnl2pi1Rz4Rk37sGdpfgS7:syJgdQ8+f4mXPA4tjEwzGi1dDnDfgS
Score10/10-
Njrat family
-
njRAT/Bladabindi
Widely used RAT written in .NET.
-
Disables Task Manager via registry modification
-
Modifies Windows Firewall
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Executes dropped EXE
-
Loads dropped DLL
-
Drops autorun.inf file
Malware can abuse Windows Autorun to spread further via attached volumes.
-
MITRE ATT&CK Enterprise v15
Persistence
Create or Modify System Process
1Windows Service
1Event Triggered Execution
1Netsh Helper DLL
1Privilege Escalation
Create or Modify System Process
1Windows Service
1Event Triggered Execution
1Netsh Helper DLL
1