General

  • Target

    d6ee68c0057fd95a29a2f112c19cb556837eff859071827bc5d37069742d96cc.exe

  • Size

    37KB

  • Sample

    241217-fkm7saslfl

  • MD5

    e20a459e155e9860e8a00f4d4a6015bf

  • SHA1

    982fe6b24779fa4a64a154947aca4d5615a7af86

  • SHA256

    d6ee68c0057fd95a29a2f112c19cb556837eff859071827bc5d37069742d96cc

  • SHA512

    381a3c27328e30a06125c2fa45334ca84aaff7904afb032e4fd6dec1474179787f0d87e93804b7b79e74987e2977ea19d64de05872c7f4fe1ca818199ed30d02

  • SSDEEP

    384:cmnJMiLrBndznNCyMGmPiePDUcmk3lsrAF+rMRTyN/0L+EcoinblneHQM3epzX0O:Rn9RNRMGmPPg1kVsrM+rMRa8NuS6Jt

Malware Config

Extracted

Family

njrat

Version

im523

Botnet

pakEt

C2

condition-clearance.gl.at.ply.gg:7070

Mutex

9d3a575fdcc2dd1782d18ac5655a8b28

Attributes
  • reg_key

    9d3a575fdcc2dd1782d18ac5655a8b28

  • splitter

    |'|'|

Targets

    • Target

      d6ee68c0057fd95a29a2f112c19cb556837eff859071827bc5d37069742d96cc.exe

    • Size

      37KB

    • MD5

      e20a459e155e9860e8a00f4d4a6015bf

    • SHA1

      982fe6b24779fa4a64a154947aca4d5615a7af86

    • SHA256

      d6ee68c0057fd95a29a2f112c19cb556837eff859071827bc5d37069742d96cc

    • SHA512

      381a3c27328e30a06125c2fa45334ca84aaff7904afb032e4fd6dec1474179787f0d87e93804b7b79e74987e2977ea19d64de05872c7f4fe1ca818199ed30d02

    • SSDEEP

      384:cmnJMiLrBndznNCyMGmPiePDUcmk3lsrAF+rMRTyN/0L+EcoinblneHQM3epzX0O:Rn9RNRMGmPPg1kVsrM+rMRa8NuS6Jt

    • Njrat family

    • njRAT/Bladabindi

      Widely used RAT written in .NET.

    • Modifies Windows Firewall

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Drops startup file

    • Executes dropped EXE

    • Adds Run key to start application

    • Drops autorun.inf file

      Malware can abuse Windows Autorun to spread further via attached volumes.

MITRE ATT&CK Enterprise v15

Tasks