General

  • Target

    9f41a4820c15797bdfff89d998c9285a1b8213c8e62c3111cdf0d3f9d29e6d80.exe

  • Size

    96KB

  • Sample

    241202-1j3ajatrav

  • MD5

    c049228074ea99dcfa2af34316214ad4

  • SHA1

    2a47c44960b7e50a6dad43cf7e7064873283e09e

  • SHA256

    9f41a4820c15797bdfff89d998c9285a1b8213c8e62c3111cdf0d3f9d29e6d80

  • SHA512

    81baa7b0c96f4eb57e60041622571e1993ac9d8c0c9803b97b519f6e95b82c67b9599c221cd7002785db318a00caa48adffb5f79ca602c950477d5cf467d6291

  • SSDEEP

    1536:D1/F8CpxMCAgF9DLi+DOGL2NCi8LEg/FnOcR:BH2+DOGTbLEgHR

Malware Config

Extracted

Family

njrat

Version

0.6.4

Botnet

HacKed

C2

ilyashacke.no-ip.biz:1177

Mutex

5cd8f17f4086744065eb0992a09e05a2

Attributes
  • reg_key

    5cd8f17f4086744065eb0992a09e05a2

  • splitter

    |'|'|

Targets

    • Njrat family

    • njRAT/Bladabindi

      Widely used RAT written in .NET.

    • Modifies Windows Firewall

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Adds Run key to start application

    • Suspicious use of SetThreadContext
