General

  • Target

    bb8065309db684a81570b42a0bb4b0b160fea37eb4117d9296fccb678ea5ec2e

  • Size

    23KB

  • Sample

    241217-wkk1estlhx

  • MD5

    e170c80d53dfec6413f3bb13cf2505b8

  • SHA1

    32d0c64ac85166bf71a9f24ea091f470c5b471b9

  • SHA256

    bb8065309db684a81570b42a0bb4b0b160fea37eb4117d9296fccb678ea5ec2e

  • SHA512

    2926bb37d421cde19653b8b4f0e78469fc415f2d4f8b0b3072728e1a1b70d62d88dec1a2b7affa413631ae0c242ed1e4fe0ca137f5cdf0abee5fd7a07525541c

  • SSDEEP

    384:N8aLWS0dABLYVq6RxP8MDFF09vK563gRMmJKUv0mRvR6JZlbw8hqIusZzZ0U:uXcwt3tRpcnuq

Malware Config

Extracted

  • Family

    njrat

  • Version

    0.7d

  • Botnet

    HacKed

  • C2

    feacebook.us.to:4444

  • Mutex

    09a96e8bdcc22f9e796248ee9591454a

  • Attributes

      • reg_key

        09a96e8bdcc22f9e796248ee9591454a

      • splitter

        |'|'|

Targets

    • Njrat family

    • njRAT/Bladabindi

      Widely used RAT written in .NET.

    • Modifies Windows Firewall

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Drops startup file

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application
