General
-
Target
349eb032f83b1c18ca84976e85b6ab505239e30b19c766baada9f4b1f4224dc4N.exe
-
Size
136KB
-
Sample
250120-a76pratpfj
-
MD5
aca9ed00b92ed958d072b3f5aa682170
-
SHA1
eb0fd045c5cfa070af8c9ac630e2669ae6d4d3dd
-
SHA256
349eb032f83b1c18ca84976e85b6ab505239e30b19c766baada9f4b1f4224dc4
-
SHA512
c55267a11ade59f14901677e616410d65cc4dec2a89363a2440185c369b80634de8441f34cbeea4db642df3fc11f6c7723697ee83c86f2af98625a75db9ad3b8
-
SSDEEP
1536:OWzOx6baIa9RIj00ljEwzGi1dD3DXgSAhA4OK4VVpuXQQdo3M:OWLbaIa9ijNSi1dnQD9Rea3
Malware Config
Extracted
njrat
0.7d
HacKed
hakim32.ddns.net:2000
127.0.0.1:5552
a673af9338ff8860401a647b33db3833
-
reg_key
a673af9338ff8860401a647b33db3833
-
splitter
|'|'|
Targets
-
-
Target
349eb032f83b1c18ca84976e85b6ab505239e30b19c766baada9f4b1f4224dc4N.exe
-
Size
136KB
-
MD5
aca9ed00b92ed958d072b3f5aa682170
-
SHA1
eb0fd045c5cfa070af8c9ac630e2669ae6d4d3dd
-
SHA256
349eb032f83b1c18ca84976e85b6ab505239e30b19c766baada9f4b1f4224dc4
-
SHA512
c55267a11ade59f14901677e616410d65cc4dec2a89363a2440185c369b80634de8441f34cbeea4db642df3fc11f6c7723697ee83c86f2af98625a75db9ad3b8
-
SSDEEP
1536:OWzOx6baIa9RIj00ljEwzGi1dD3DXgSAhA4OK4VVpuXQQdo3M:OWLbaIa9ijNSi1dnQD9Rea3
Score10/10-
Njrat family
-
njRAT/Bladabindi
Widely used RAT written in .NET.
-
Disables Task Manager via registry modification
-
Modifies Windows Firewall
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Executes dropped EXE
-
Loads dropped DLL
-
Drops autorun.inf file
Malware can abuse Windows Autorun to spread further via attached volumes.
-
MITRE ATT&CK Enterprise v15
Persistence
Create or Modify System Process
1Windows Service
1Event Triggered Execution
1Netsh Helper DLL
1Privilege Escalation
Create or Modify System Process
1Windows Service
1Event Triggered Execution
1Netsh Helper DLL
1