General

  • Target

    ef5c02c221b5cb992728758e29195115a8f5481cf9ca5072a0616f95d00a362c.exe

  • Size

    23KB

  • Sample

    241217-f254xssqep

  • MD5

    475813f4cabffe076aefbd618a982512

  • SHA1

    e2febca085bd5f5ac9aa2313bab17b4565a4024b

  • SHA256

    ef5c02c221b5cb992728758e29195115a8f5481cf9ca5072a0616f95d00a362c

  • SHA512

    5b253580f9147ca689c076b8f044e26ae37d5a2575c3fd02ec8e67c12cd273ebcc2c31c5631608340ae2d78f1dbe17f128909d4354118b4ef74ba27660c9ca76

  • SSDEEP

    384:hFHuitNFzA0yUVky2n0Yxga06agwXh/+f1mRvR6JZlbw8hqIusZzZZa:a6F2RNnB+Rpcnuj

Malware Config

Extracted

  • Family

    njrat

  • Version

    0.7d

  • C2

    188.212.158.75:5556

  • Mutex

    e67ceec44f16fc357df593d15ca3e96b

  • Attributes

      • reg_key

        e67ceec44f16fc357df593d15ca3e96b

      • splitter

        |'|'|

Targets

    • Njrat family

    • njRAT/Bladabindi

      Widely used RAT written in .NET.

    • Modifies Windows Firewall

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Drops startup file

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application
