General

  • Target

    00d456f599ff7b1e5e8d50a9074989a848fe47cc475d88765db2a6b0ee94fe4e.exe

  • Size

    343KB

  • Sample

    241121-nqhs9a1epe

  • MD5

    e90fd1f172de410f0921d0b4a57c90e3

  • SHA1

    89eb6e52bd2646f48c06103411ce88e3fc6d58f6

  • SHA256

    00d456f599ff7b1e5e8d50a9074989a848fe47cc475d88765db2a6b0ee94fe4e

  • SHA512

    380c078bb64b9ce4ffcdf7280b6dc84b8bcf9470c3a93b556bed946edc46cb3116aba47d588b55d1fcbae7b5b5a66edb1d5bb93e78455ace0a75039ca1b099e3

  • SSDEEP

    6144:gy+QnQZakoARoXQfux2eNewQjfNa88u4sVxA9S/OYhsYesYgv00dQ:9+Qn4aVACQefeRaX9sfAc3h5esYgv00y

Malware Config

Extracted

Family

njrat

Version

0.7d

Botnet

punk1

C2

suchwoni13.ddns.net:4030

Mutex

7f8acde012caa987026616c48ee81144

Attributes
  • reg_key

    7f8acde012caa987026616c48ee81144

  • splitter

    |'|'|

Targets

    • Njrat family

    • njRAT/Bladabindi

      Widely used RAT written in .NET.

    • Modifies Windows Firewall

    • Adds Run key to start application

    • Suspicious use of SetThreadContext
