General

  • Target

    Client.exe

  • Size

    31KB

  • Sample

    241213-m4jf9swmey

  • MD5

    eb6401a1d957dce189e9a1ad06f41172

  • SHA1

    ed58fef2021887c89e2c183d648325e5103eb2dd

  • SHA256

    040473f2b73f8947306d2fa9d99c441447026a56ddcdce11720c17be62e000a8

  • SHA512

    9417fb14d0a8eee31fa6d38df314b9842b01365b0e04885f770da02552125e006cdea6de2ae779db616c0247c41406b8c4c00fca8eb6b646c816e50c35230af6

  • SSDEEP

    768:55JEpBZhjzOzx5+R4s/Hu56HdAbiTinvaTQmIDUu0tiEUj:6D6uukAbiT6oQVkwj

Malware Config

Extracted

  • Family

    njrat

  • Version

    0.7d

  • Botnet

    MyBot

  • C2

    127.0.0.1:6522

  • Mutex

    ba8bb006c6a684a6e6ce01b11f9779df

  • Attributes

    • reg_key

      ba8bb006c6a684a6e6ce01b11f9779df

    • splitter

      Y262SUCZ4UJJ

Targets

    • Target

      Client.exe

    • Size

      31KB

    • Njrat family

    • njRAT/Bladabindi

      Widely used RAT written in .NET.

    • Modifies Windows Firewall

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL
