General

  • Target

    C4I1C_Server.exe

  • Size

    23KB

  • Sample

    241203-rrvqzsvjgl

  • MD5

    1011ca14bd55e56a16a393744aefcc47

  • SHA1

    912b56d8a53e77db250a904c68afb00f39a98429

  • SHA256

    1048b9978e4e8d928c8f5c057c0c1ac6213b4f456b6cf83558e213742f780bea

  • SHA512

    e093b3d79e56691637bf00cf4d1610a3891b7f9501d9874a3ed5fd8f2056a758f6e3270e9435cbe02cf5c2cb37bc07436959d402f76ef11173f93545229d73b3

  • SSDEEP

    384:FweXCQIreJig/8Z7SS1fEBpng6tgL2IBPZVmRvR6JZlbw8hqIusZzZVT:aLq411eRpcnuq

Malware Config

Extracted

  • Family

    njrat

  • Version

    0.7d

  • Botnet

    HacKed

  • C2

    20.ip.gl.ply.gg:17798

  • Mutex

    b86f87cbaaa618da21a2bbbc7c7dfc60

  • Attributes

      • reg_key

        b86f87cbaaa618da21a2bbbc7c7dfc60

      • splitter

        |'|'|

Targets

    • Target

      C4I1C_Server.exe

    • Njrat family

    • njRAT/Bladabindi

      Widely used RAT written in .NET.

    • Modifies Windows Firewall

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Drops startup file

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application
