General
-
Target
1f2700987cf9d919c85e0bf6ad9b64237e99d52b7d71d1a90b942eb481b4bd98
-
Size
23KB
-
Sample
241122-y61dcayjew
-
MD5
a7930005f1d8bdda2e3491cc36b59237
-
SHA1
61dfc83d5d47476c1d9e63d6123c0f6549a08128
-
SHA256
1f2700987cf9d919c85e0bf6ad9b64237e99d52b7d71d1a90b942eb481b4bd98
-
SHA512
f03c859148f63fcd6d3518633e702f214d1efde5e00b6d8f9f9b5fca33c5f81b00d472a410f0fd3731d87cb9c7b4d98b7624e24a0f652191b7bd799e514e9605
-
SSDEEP
384:cQ+ILgIbOprgPsUOSU0kB1kd6dg7GYh/JomRvR6JZlbw8hqIusZzZ8l:PLL6MVU0NRpcnuD
Malware Config
Extracted
njrat
0.7d
HacKed
10.0.0.2:5552
f1704578a45e4f31d07c6bcbe412c8eb
-
reg_key
f1704578a45e4f31d07c6bcbe412c8eb
-
splitter
|'|'|
Targets
-
-
Target
1f2700987cf9d919c85e0bf6ad9b64237e99d52b7d71d1a90b942eb481b4bd98
-
Size
23KB
-
MD5
a7930005f1d8bdda2e3491cc36b59237
-
SHA1
61dfc83d5d47476c1d9e63d6123c0f6549a08128
-
SHA256
1f2700987cf9d919c85e0bf6ad9b64237e99d52b7d71d1a90b942eb481b4bd98
-
SHA512
f03c859148f63fcd6d3518633e702f214d1efde5e00b6d8f9f9b5fca33c5f81b00d472a410f0fd3731d87cb9c7b4d98b7624e24a0f652191b7bd799e514e9605
-
SSDEEP
384:cQ+ILgIbOprgPsUOSU0kB1kd6dg7GYh/JomRvR6JZlbw8hqIusZzZ8l:PLL6MVU0NRpcnuD
Score10/10-
Njrat family
-
njRAT/Bladabindi
Widely used RAT written in .NET.
-
Modifies Windows Firewall
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Create or Modify System Process
1Windows Service
1Event Triggered Execution
1Netsh Helper DLL
1Privilege Escalation
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Create or Modify System Process
1Windows Service
1Event Triggered Execution
1Netsh Helper DLL
1Defense Evasion
Impair Defenses
1Disable or Modify System Firewall
1Modify Registry
1