General
-
Target
fc7d8c3b8b3627a6e5a660d3b572b676e6e0470a9935d793c813fcb78e290223N.exe
-
Size
23KB
-
Sample
241130-qqf1rsvnat
-
MD5
744dc6cc8acce92d2b7f23244a249b40
-
SHA1
da8693842630dab540d1c0b32b1bea7e054d77df
-
SHA256
fc7d8c3b8b3627a6e5a660d3b572b676e6e0470a9935d793c813fcb78e290223
-
SHA512
12afc14b38aa01d573a081b9d2b9d1cfb094da5461b2dc45ae93a430c7dfa88b3bc3f44cffe5b975cf3043386f264c96215921cdfb266117185d1741f9548e3b
-
SSDEEP
384:cslUlEvOEJ8xWwYJOMiOBZEdj1567gtwi5HhbQmRvR6JZlbw8hqIusZzZuN6:VeEvwIlLMRpcnuB6
Malware Config
Extracted
njrat
0.7d
HacKed
10.10.10.10:5552
e3c9dc0133333258fa0ebe7ab4bdc72d
-
reg_key
e3c9dc0133333258fa0ebe7ab4bdc72d
-
splitter
|'|'|
Targets
-
-
Target
fc7d8c3b8b3627a6e5a660d3b572b676e6e0470a9935d793c813fcb78e290223N.exe
-
Size
23KB
-
MD5
744dc6cc8acce92d2b7f23244a249b40
-
SHA1
da8693842630dab540d1c0b32b1bea7e054d77df
-
SHA256
fc7d8c3b8b3627a6e5a660d3b572b676e6e0470a9935d793c813fcb78e290223
-
SHA512
12afc14b38aa01d573a081b9d2b9d1cfb094da5461b2dc45ae93a430c7dfa88b3bc3f44cffe5b975cf3043386f264c96215921cdfb266117185d1741f9548e3b
-
SSDEEP
384:cslUlEvOEJ8xWwYJOMiOBZEdj1567gtwi5HhbQmRvR6JZlbw8hqIusZzZuN6:VeEvwIlLMRpcnuB6
Score10/10-
Njrat family
-
njRAT/Bladabindi
Widely used RAT written in .NET.
-
Modifies Windows Firewall
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Create or Modify System Process
1Windows Service
1Event Triggered Execution
1Netsh Helper DLL
1Privilege Escalation
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Create or Modify System Process
1Windows Service
1Event Triggered Execution
1Netsh Helper DLL
1Defense Evasion
Impair Defenses
1Disable or Modify System Firewall
1Modify Registry
1