General

  • Target

    91be234780a5b85a0f22073f970a6ecd45fcaa0c3e7f78ff151962f66f9d846d.exe

  • Size

    172KB

  • Sample

    241124-gh8w5ssqhl

  • MD5

    31a3740cc99c9c07023248be02963fc6

  • SHA1

    cd340fa1b4cffa7735d82ae67e3aeebad82b0d4f

  • SHA256

    91be234780a5b85a0f22073f970a6ecd45fcaa0c3e7f78ff151962f66f9d846d

  • SHA512

    7a5e0a4665c9b4e1ba3c3720e06eac96655ee80d2e6d6773eddfc570da1b58cde702c719a48e09ce9f65a94de61d3dce48153e7b5beebc8619e0cda67171649d

  • SSDEEP

    3072:PFBUIROK34+J5ra0/B6yNpa8/vqgI2pb5LgaTc6Pg/CcZLoKy5o++e1:PFBpIK5GeNA8nhpb/cx/CvKy5o+j1

Malware Config

Extracted

Family

njrat

Version

0.7d

Botnet

HacKed

C2

karimpiratage.ddns.net:1177

Mutex

38c561b772ad19a01872b80289465369

Attributes
  • reg_key

    38c561b772ad19a01872b80289465369

  • splitter

    |'|'|

Targets

    • Target

      91be234780a5b85a0f22073f970a6ecd45fcaa0c3e7f78ff151962f66f9d846d.exe

    • Size

      172KB

    • MD5

      31a3740cc99c9c07023248be02963fc6

    • SHA1

      cd340fa1b4cffa7735d82ae67e3aeebad82b0d4f

    • SHA256

      91be234780a5b85a0f22073f970a6ecd45fcaa0c3e7f78ff151962f66f9d846d

    • SHA512

      7a5e0a4665c9b4e1ba3c3720e06eac96655ee80d2e6d6773eddfc570da1b58cde702c719a48e09ce9f65a94de61d3dce48153e7b5beebc8619e0cda67171649d

    • SSDEEP

      3072:PFBUIROK34+J5ra0/B6yNpa8/vqgI2pb5LgaTc6Pg/CcZLoKy5o++e1:PFBpIK5GeNA8nhpb/cx/CvKy5o+j1

    • Njrat family

    • njRAT/Bladabindi

      Widely used RAT written in .NET.

    • Modifies Windows Firewall

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

MITRE ATT&CK Enterprise v15

Tasks