General
Target: 8b103a00fbc87604c88d42e7fe05522bdfb1d2a2f50dfa395a9ade7c3f7442ce.exe
Size: 11KB
Sample: 241123-r6kjkawrct
MD5: 498f96b5db1890dc06c35b8d64bab9ca
SHA1: 0db2e0a9c96b61b6d093666dc12a935cbec0fbff
SHA256: 8b103a00fbc87604c88d42e7fe05522bdfb1d2a2f50dfa395a9ade7c3f7442ce
SHA512: d48ae6179c2d22646bc0aa5aa8dfc986b11fa1ffc856719b953c2f21837a84a13585aecca7f5a6020081caea2159cac644f844f8bc94ebe39cff404b476e7add
SSDEEP: 192:zUBrnLG6AgDbLcTsdUOkxF+QKwIW1YPno6HDa9/OYJ4DxYNlNKq:cjrvcToUPxF+QKdno6HDa9WMcwlNP
Static task: static1
Behavioral task: behavioral1
Sample: 8b103a00fbc87604c88d42e7fe05522bdfb1d2a2f50dfa395a9ade7c3f7442ce.exe
Resource: win7-20241023-en
Behavioral task: behavioral2
Sample: 8b103a00fbc87604c88d42e7fe05522bdfb1d2a2f50dfa395a9ade7c3f7442ce.exe
Resource: win10v2004-20241007-en
Malware Config
Extracted
njrat
0.7d
HacKed
slt3zgq8.ddns.net:555
5f3acc7a45540b22cf4ac8daf77dcddb
reg_key: 5f3acc7a45540b22cf4ac8daf77dcddb
splitter: |'|'|
Targets
Target
8b103a00fbc87604c88d42e7fe05522bdfb1d2a2f50dfa395a9ade7c3f7442ce.exe
- Njrat family
- Modifies Windows Firewall
- Checks computer location settings: Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
MITRE ATT&CK Enterprise v15
Persistence
- Boot or Logon Autostart Execution (1)
  - Registry Run Keys / Startup Folder (1)
- Create or Modify System Process (1)
  - Windows Service (1)
- Event Triggered Execution (1)
  - Netsh Helper DLL (1)
Privilege Escalation
- Boot or Logon Autostart Execution (1)
  - Registry Run Keys / Startup Folder (1)
- Create or Modify System Process (1)
  - Windows Service (1)
- Event Triggered Execution (1)
  - Netsh Helper DLL (1)
Defense Evasion
- Impair Defenses (1)
  - Disable or Modify System Firewall (1)
- Modify Registry (2)
- Subvert Trust Controls (1)
  - Install Root Certificate (1)