General

  • Target

    34a843564645e75e6e95cf4bf079dcdf56ba51eca758cad65e0d986bbe359560.exe

  • Size

    95KB

  • Sample

    241123-qwjnvaskcq

  • MD5

    28cfadb2dc13d3274d30e5117757420f

  • SHA1

    1364505c347631d3b33b36c9f6497abff3d35f2e

  • SHA256

    34a843564645e75e6e95cf4bf079dcdf56ba51eca758cad65e0d986bbe359560

  • SHA512

    435bab82617962e03442de4b1c65af8291c3e633703670abaf6ad379e989c34724318f7fc12f4354b9557a82b06f86fc66f16a53b96dfc8b154f6f15aa3e491b

  • SSDEEP

    1536:8+ZQMGdeUwljEoKayOxdcJx7OXMHwhkVfjobkZKQ5x1AkSpoHHNLHieBbq:8+ZQMtU9Jx7OXMHwhkVfjobkZKQ5x1Du

Malware Config

Extracted

  • Family

    njrat

  • Version

    0.6.4

  • Botnet

    scammer

  • C2

    oxy01.linkpc.net:1177

  • Mutex

    08f4dc96bbb7af09d1a37fe35c75a42f

Attributes
  • reg_key

    08f4dc96bbb7af09d1a37fe35c75a42f

  • splitter

    |'|'|

Targets

    • Njrat family

    • njRAT/Bladabindi

      Widely used RAT written in .NET.

    • Modifies Windows Firewall

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL
