General

  • Target

    51a718a6214e5343d10b3cc9363abb33a7878a3bb43fad260b272d0092ce0e29

  • Size

    31KB

  • Sample

    241209-1w89lssqfx

  • MD5

    c3e66f671d803b0652116bee0df392df

  • SHA1

    d0c3cb8bc4d87635f9e467925af03cf08d2617b6

  • SHA256

    51a718a6214e5343d10b3cc9363abb33a7878a3bb43fad260b272d0092ce0e29

  • SHA512

    ddfcb0439d780e736561efab8307b1ff4ff3fdbe0e4f120fe4e2f0c403a052e6be09646bf13ab14d57fc000fdf28893b1fcee6863c9f0e55b2a272f11556e177

  • SSDEEP

    768:o5hO5b13hdwzxLy3os0O/dMRvCzQmIDUu0tik2j:4cZ6eh6kQVkyj

Malware Config

Extracted

  • Family

    njrat

  • Version

    0.7d

  • Botnet

    MyBot

  • C2

    176.59.197.143:6522

  • Mutex

    f1d5bd1f4df2577763f0bc26109e5e82

Attributes
  • reg_key

    f1d5bd1f4df2577763f0bc26109e5e82

  • splitter

    Y262SUCZ4UJJ

Targets

    • Njrat family

    • njRAT/Bladabindi

      Widely used RAT written in .NET.

    • Modifies Windows Firewall

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Drops startup file

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application
