General
-
Target
Gaming Chair.exe
-
Size
7.0MB
-
Sample
250122-vxg9maxpbl
-
MD5
b97c8aab67e949a5e43905ceed9b0319
-
SHA1
5b9f0aa33a1e4e325370711d950fdf06b737993f
-
SHA256
cc749c708de955f129b1bf7ff198b28c906f6a233ac6dba95fe2acfd3009a32d
-
SHA512
e2c3a1773859c6e76a1dc155593ff96983cd1d499c4e9e3ff732027167d81b484c0d774652a7486e778b66b7abcb4d645b1d31c6b8199b95c4000ea6e7d40580
-
SSDEEP
98304:iSLCUGG+t+aCnfFXL/LNIRDB3YP1SnPWMO5RadDNkZCXA/G3Ra3Eql:8UGGw+zRIRFIP1Y+MooOHwRa3v
Malware Config
Extracted
njrat
0.7d
Lammer
station-gps.gl.at.ply.gg:26933
ded5a8703334377d83da00a864706211
-
reg_key
ded5a8703334377d83da00a864706211
-
splitter
|'|'|
Targets
-
-
Target
Gaming Chair.exe
-
Size
7.0MB
-
MD5
b97c8aab67e949a5e43905ceed9b0319
-
SHA1
5b9f0aa33a1e4e325370711d950fdf06b737993f
-
SHA256
cc749c708de955f129b1bf7ff198b28c906f6a233ac6dba95fe2acfd3009a32d
-
SHA512
e2c3a1773859c6e76a1dc155593ff96983cd1d499c4e9e3ff732027167d81b484c0d774652a7486e778b66b7abcb4d645b1d31c6b8199b95c4000ea6e7d40580
-
SSDEEP
98304:iSLCUGG+t+aCnfFXL/LNIRDB3YP1SnPWMO5RadDNkZCXA/G3Ra3Eql:8UGGw+zRIRFIP1Y+MooOHwRa3v
Score10/10-
Njrat family
-
njRAT/Bladabindi
Widely used RAT written in .NET.
-
Modifies Windows Firewall
-
Stops running service(s)
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Executes dropped EXE
-
Adds Run key to start application
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Create or Modify System Process
2Windows Service
2Event Triggered Execution
1Netsh Helper DLL
1Privilege Escalation
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Create or Modify System Process
2Windows Service
2Event Triggered Execution
1Netsh Helper DLL
1Defense Evasion
Hide Artifacts
1Hidden Files and Directories
1Impair Defenses
2Disable or Modify System Firewall
1Modify Registry
1