General
-
Target
03540223fcf6bc801de1f4ef026e0f1d6de19967fa94768c0c01b5dd4cfa3a15N.exe
-
Size
3.3MB
-
Sample
241220-esnb3syqhw
-
MD5
2a250a987df95bf6db01ad711217ed20
-
SHA1
29a22aaec7b36e6e074367025861e1fa5f42682b
-
SHA256
03540223fcf6bc801de1f4ef026e0f1d6de19967fa94768c0c01b5dd4cfa3a15
-
SHA512
15d767edecdf3971c344e3aefdbcafefee0f5568d75b96c436b9737c7ac20308b2f34decf96dea59d8515b1e6c8dc91e003bee73aab467643b3243679b1f3f65
-
SSDEEP
98304:zKBLb+F+m/3LPP5xNd5BS0f0qd3EHsK5ajbejg:z6LQJLPh159ld3q58r
Malware Config
Extracted
njrat
0.7d
HacKed
127.0.0.1:5552
984559f52d4087243e95e5ad9bb48e8d
-
reg_key
984559f52d4087243e95e5ad9bb48e8d
-
splitter
|'|'|
Targets
-
-
Target
03540223fcf6bc801de1f4ef026e0f1d6de19967fa94768c0c01b5dd4cfa3a15N.exe
-
Size
3.3MB
-
MD5
2a250a987df95bf6db01ad711217ed20
-
SHA1
29a22aaec7b36e6e074367025861e1fa5f42682b
-
SHA256
03540223fcf6bc801de1f4ef026e0f1d6de19967fa94768c0c01b5dd4cfa3a15
-
SHA512
15d767edecdf3971c344e3aefdbcafefee0f5568d75b96c436b9737c7ac20308b2f34decf96dea59d8515b1e6c8dc91e003bee73aab467643b3243679b1f3f65
-
SSDEEP
98304:zKBLb+F+m/3LPP5xNd5BS0f0qd3EHsK5ajbejg:z6LQJLPh159ld3q58r
Score10/10-
Njrat family
-
njRAT/Bladabindi
Widely used RAT written in .NET.
-
Modifies Windows Firewall
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Create or Modify System Process
1Windows Service
1Event Triggered Execution
1Netsh Helper DLL
1Privilege Escalation
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Create or Modify System Process
1Windows Service
1Event Triggered Execution
1Netsh Helper DLL
1Defense Evasion
Impair Defenses
1Disable or Modify System Firewall
1Modify Registry
1