General
-
Target
53c01d4af6da8c4e7f971db1305275e521550cbb5fb50ae7122b26b91b4f7d9e
-
Size
31KB
-
Sample
241107-2y873azdpr
-
MD5
1dcca57041c8e9e0d00c989d3c9dec4c
-
SHA1
a4d7ef9eb5756c4cb06f0760b73b169a6bf926f4
-
SHA256
53c01d4af6da8c4e7f971db1305275e521550cbb5fb50ae7122b26b91b4f7d9e
-
SHA512
1e5255c9ff3e0691c8581a1d0687a0b2176f6d82983414eb05d44b188544a81d5cf1e7751107c0aa662d17eb27f19a380dc9f2f91f3817ef88c02ba5386b2c6d
-
SSDEEP
768:WFijnXuTthUzxf6rnYA/bh9vUpQmIDUu0tiwJhj:dn+K+PAQVkNj
Malware Config
Extracted
njrat
0.7d
white_admin
127.0.0.2:100
1b2ab263668640fad25298dfb1c138d6
-
reg_key
1b2ab263668640fad25298dfb1c138d6
-
splitter
Y262SUCZ4UJJ
Targets
-
-
Target
53c01d4af6da8c4e7f971db1305275e521550cbb5fb50ae7122b26b91b4f7d9e
-
Size
31KB
-
MD5
1dcca57041c8e9e0d00c989d3c9dec4c
-
SHA1
a4d7ef9eb5756c4cb06f0760b73b169a6bf926f4
-
SHA256
53c01d4af6da8c4e7f971db1305275e521550cbb5fb50ae7122b26b91b4f7d9e
-
SHA512
1e5255c9ff3e0691c8581a1d0687a0b2176f6d82983414eb05d44b188544a81d5cf1e7751107c0aa662d17eb27f19a380dc9f2f91f3817ef88c02ba5386b2c6d
-
SSDEEP
768:WFijnXuTthUzxf6rnYA/bh9vUpQmIDUu0tiwJhj:dn+K+PAQVkNj
Score10/10-
Njrat family
-
njRAT/Bladabindi
Widely used RAT written in .NET.
-
Modifies Windows Firewall
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Create or Modify System Process
1Windows Service
1Event Triggered Execution
1Netsh Helper DLL
1Privilege Escalation
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Create or Modify System Process
1Windows Service
1Event Triggered Execution
1Netsh Helper DLL
1Defense Evasion
Impair Defenses
1Disable or Modify System Firewall
1Modify Registry
1