General
-
Target
9cf9f7182fc6d0c17d3ebb75273ad4a861b44fb318c94f71a719723646cc3ec9.exe
-
Size
136KB
-
Sample
250119-xdx7va1naq
-
MD5
79500f7c4b6cf21732b6ef0414c2dfa7
-
SHA1
512a900a0b8bbddca9071fa91958fc2ed8e1e10c
-
SHA256
9cf9f7182fc6d0c17d3ebb75273ad4a861b44fb318c94f71a719723646cc3ec9
-
SHA512
2098e52b357864b22e3f40b6d5e1bb0a830aa874eb0c6b8ad44aa04e318b810885d33806a2a67b915ed142d146fa0f702fe5c1d2eb495c34fb030b69e5481dcc
-
SSDEEP
1536:OWzOx6baIa9RIj00ljEwzGi1dD3DXgSAhA4OK4VVpuXQQdo3MU:OWLbaIa9ijNSi1dnQD9Rea3I
Malware Config
Extracted
njrat
0.7d
HacKed
hakim32.ddns.net:2000
127.0.0.1:5552
a673af9338ff8860401a647b33db3833
-
reg_key
a673af9338ff8860401a647b33db3833
-
splitter
|'|'|
Targets
-
-
Target
9cf9f7182fc6d0c17d3ebb75273ad4a861b44fb318c94f71a719723646cc3ec9.exe
-
Size
136KB
-
MD5
79500f7c4b6cf21732b6ef0414c2dfa7
-
SHA1
512a900a0b8bbddca9071fa91958fc2ed8e1e10c
-
SHA256
9cf9f7182fc6d0c17d3ebb75273ad4a861b44fb318c94f71a719723646cc3ec9
-
SHA512
2098e52b357864b22e3f40b6d5e1bb0a830aa874eb0c6b8ad44aa04e318b810885d33806a2a67b915ed142d146fa0f702fe5c1d2eb495c34fb030b69e5481dcc
-
SSDEEP
1536:OWzOx6baIa9RIj00ljEwzGi1dD3DXgSAhA4OK4VVpuXQQdo3MU:OWLbaIa9ijNSi1dnQD9Rea3I
Score10/10-
Njrat family
-
njRAT/Bladabindi
Widely used RAT written in .NET.
-
Disables Task Manager via registry modification
-
Modifies Windows Firewall
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Executes dropped EXE
-
Loads dropped DLL
-
Drops autorun.inf file
Malware can abuse Windows Autorun to spread further via attached volumes.
-
MITRE ATT&CK Enterprise v15
Persistence
Create or Modify System Process
1Windows Service
1Event Triggered Execution
1Netsh Helper DLL
1Privilege Escalation
Create or Modify System Process
1Windows Service
1Event Triggered Execution
1Netsh Helper DLL
1