General

  • Target

    665c9c1e0fc46f97e902ac8046d9719661dd4b2e0a685b5e041c9a66c584c1b1N.exe

  • Size

    23KB

  • Sample

    241207-y379sa1qfs

  • MD5

    4abf570a817c250b77a9b4fce234d4f0

  • SHA1

    ab826fabada5c2893043c8ad2daa321032d85727

  • SHA256

    665c9c1e0fc46f97e902ac8046d9719661dd4b2e0a685b5e041c9a66c584c1b1

  • SHA512

    a507011626379501e3b876249c82be446298b394993a70d66cf03205607233781414170d1042e0faa6efb67971b07c4b9dd41ec30648e6f5e0eec0508a153425

  • SSDEEP

    384:5c68yCaUVIhboNgfEimfkNzayS06vg5UhcpxH7ndmRvR6JZlbw8hqIusZzZBH:t873kgNfoaf6ARpcnuq

Malware Config

Extracted

Family

njrat

Version

0.7d

Botnet

PA

C2

127.0.0.1:5552

Mutex

e229ec82a5ec02373072d0375052096f

Attributes
  • reg_key

    e229ec82a5ec02373072d0375052096f

  • splitter

    |'|'|

Targets

    • Njrat family

    • njRAT/Bladabindi

      Widely used RAT written in .NET.

    • Modifies Windows Firewall

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application
