General

  • Target

    ca8bd7a066b592eebb89cffb351cf824ad1292da7587656829ab166f4a004050N.exe

  • Size

    23KB

  • Sample

    241127-n3r8fssmcv

  • MD5

    50557085aa9b11dcd7c0abfc315cf990

  • SHA1

    c45eb0e488fc26d0223dfbc1788b742302e02c86

  • SHA256

    ca8bd7a066b592eebb89cffb351cf824ad1292da7587656829ab166f4a004050

  • SHA512

    9a8cbdf648e2701740eabb2426c45e360f4cf4ae3320d3517c48b9ab3422c51d45d9c6e7f1cd71542dc28f1b9038fde3e16d9269db1e0c20b59be9f45b3e2e24

  • SSDEEP

    384:y8aLWS0dABLYVq6RxP8MDFF09vK563gRMmJKUv0mRvR6JZlbw8hqIusZzZhB:lXcwt3tRpcnug

Malware Config

Extracted

Family

njrat

Version

0.7d

Botnet

TAKTOUKA

C2

127.0.0.1:8090

Mutex

2239074f375016b7c06b239673132d3c

Attributes
  • reg_key

    2239074f375016b7c06b239673132d3c

  • splitter

    |'|'|

Targets

    • Target

      ca8bd7a066b592eebb89cffb351cf824ad1292da7587656829ab166f4a004050N.exe

    • Njrat family

    • njRAT/Bladabindi

      Widely used RAT written in .NET.

    • Modifies Windows Firewall

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Drops startup file

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application
