General

  • Target

    46cddbe0ce9c4e9a31919ea4638ea5f4932893d81be8068b891324373db1a55bN.exe

  • Size

    39KB

  • Sample

    241124-v7jkfaxlaq

  • MD5

    9d58045840961c76837895d303b5e7b0

  • SHA1

    dcfbd3c1a678eaf20b20428ee2953023e4e3bbf7

  • SHA256

    46cddbe0ce9c4e9a31919ea4638ea5f4932893d81be8068b891324373db1a55b

  • SHA512

    f482b84ef274198c75990ffd3476c0b11c55ca9978eac379e6c3616412a258832d36c34d0812f5839fc82c6be0f47c88ee28e8a9c690fa4927bbb26ad916146c

  • SSDEEP

    768:VvASIisql251c6opnV0jZJ/s8B8RnVMZ8pBz3bdHUCRKSBsL+DEplyLnEI:inql2ncFpngZFsrKcZRKSCL+D+w/

Malware Config

Extracted

Family

njrat

Version

Platinum

Botnet

loshara

C2

127.0.0.1:80

Mutex

Client.exe

Attributes
  • reg_key

    Client.exe

  • splitter

    |Ghost|

Targets

    • Target

      46cddbe0ce9c4e9a31919ea4638ea5f4932893d81be8068b891324373db1a55bN.exe

    • Njrat family

    • njRAT/Bladabindi

      Widely used RAT written in .NET.

    • Drops startup file

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15
