General

  • Target

    a407ae1ed0a941a41d223a64cefd0baf5163bc4fd35b020d562b7cf3b83442b6

  • Size

    37KB

  • Sample

    241114-bhr1qswjdm

  • MD5

    8123fc137d73b3b92fc40be61af08ace

  • SHA1

    b11168a1ad6d72808b176f0c889bfa220d13813e

  • SHA256

    a407ae1ed0a941a41d223a64cefd0baf5163bc4fd35b020d562b7cf3b83442b6

  • SHA512

    cf225e298886dc63584f7615891a3f4fc9773d4e2078a1363dba8547b1e85627b5bb5dcc18dbbcd51e3375bc18fb122ae4846bb92735d0c963ac0e9f71f56453

  • SSDEEP

    384:eLExxTGARStybaVhonbUOgg5Ctc5EmAoiCWsWGac5LoaPGtvx93pMKm+M5hsTz6N:IExTyLhChggkdeWKacbOtbNqTYDYRD

Malware Config

Extracted

  • Family

    njrat

  • Version

    0.7d | By Brontok

  • Botnet

    Victim

  • C2

    spk.accesscam.org:55554

  • Mutex

    m9o1ocabbaxon9ndffebx7uutlcl49nl

Attributes
  • reg_key

    m9o1ocabbaxon9ndffebx7uutlcl49nl

  • splitter

    |'|'|

Targets

    • Target

      a407ae1ed0a941a41d223a64cefd0baf5163bc4fd35b020d562b7cf3b83442b6

    • Njrat family

    • njRAT/Bladabindi

      Widely used RAT written in .NET.

    • Modifies Windows Firewall

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application
