General

  • Target

    861c62fc1b264801e17d6a61ac6579a3b7d6d39e2f35aec69fc1b8300f42c953

  • Size

    93KB

  • Sample

    241208-a1p4esyjgr

  • MD5

    ccb06fa4b339cc8ff5ae2331dda084b4

  • SHA1

    0d1af1ebe0cb29ebf9ea4c76a7630661553b64db

  • SHA256

    861c62fc1b264801e17d6a61ac6579a3b7d6d39e2f35aec69fc1b8300f42c953

  • SHA512

    a716f4906ac8ba1135471deef804e886891cfdc7b3f8b8d471a8fec0aadb0a39051b5adb3930c6a715b2c7a6a46168bacb6ef9705925bfd02fd88b4ebc335952

  • SSDEEP

    1536:InwEnYi9bzKuZ+8uZ3nV5XS65mkrPZ58kzQ+e+e+:IwaYi9bsh7J7M+e+e+

Malware Config

Extracted

  • Family

    njrat

  • Version

    v4.0

  • Botnet

    Steam

  • C2

    40.80.147.203:8080

  • Mutex

    Steam

  • Attributes

      • reg_key

        Steam

      • splitter

        |-F-|

Targets

    • Njrat family

    • njRAT/Bladabindi

      Widely used RAT written in .NET.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Drops startup file

    • Executes dropped EXE

    • Adds Run key to start application
