General

  • Target

    b7aeeb37ec16816ce0b034012bff67059409af17be53b42c033eb36b2e76dd0d.exe

  • Size

    29KB

  • Sample

    241203-tyx6sstjez

  • MD5

    47a315bc2987d5c8499bd0e3d9025933

  • SHA1

    5329310232bf63e0c22ca0338a604fd7e6a9c9cb

  • SHA256

    b7aeeb37ec16816ce0b034012bff67059409af17be53b42c033eb36b2e76dd0d

  • SHA512

    9827232d1b39d86af23851f41d5bbdf81f7e013b3b54ea5a3b99bffe13aae42a5603eeef7a4289cb835c0c4b26ec65d207823672d6af819bad9d2d0d13c887e1

  • SSDEEP

    384:5hpQjtl7jBnoKoK3JX15nHK4GumqDAEReIlGBsbh0w4wlAokw9OhgOL1vYRGOZzb:527hoKoGJFNK4Aq1RehBKh0p29SgRdoW

Malware Config

Extracted

Family

njrat

Version

0.6.4

Botnet

HacKed

C2

127.0.0.1:1177

Mutex

5cd8f17f4086744065eb0992a09e05a2

Attributes
  • reg_key

    5cd8f17f4086744065eb0992a09e05a2

  • splitter

    |'|'|

Targets

    • Target

      b7aeeb37ec16816ce0b034012bff67059409af17be53b42c033eb36b2e76dd0d.exe

    • Size

      29KB

    • MD5

      47a315bc2987d5c8499bd0e3d9025933

    • SHA1

      5329310232bf63e0c22ca0338a604fd7e6a9c9cb

    • SHA256

      b7aeeb37ec16816ce0b034012bff67059409af17be53b42c033eb36b2e76dd0d

    • SHA512

      9827232d1b39d86af23851f41d5bbdf81f7e013b3b54ea5a3b99bffe13aae42a5603eeef7a4289cb835c0c4b26ec65d207823672d6af819bad9d2d0d13c887e1

    • SSDEEP

      384:5hpQjtl7jBnoKoK3JX15nHK4GumqDAEReIlGBsbh0w4wlAokw9OhgOL1vYRGOZzb:527hoKoGJFNK4Aq1RehBKh0p29SgRdoW

    • Njrat family

    • njRAT/Bladabindi

      Widely used RAT written in .NET.

    • Modifies Windows Firewall

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

MITRE ATT&CK Enterprise v15

Tasks