General
-
Target
c79d7562344a4166e5a1e7698dc73ea5.exe
-
Size
93KB
-
Sample
250306-evc9wsxyay
-
MD5
c79d7562344a4166e5a1e7698dc73ea5
-
SHA1
bf03f7b156a359214bc405396d05442156d1cea2
-
SHA256
bc41bfef49ad75dc3e720a98495b8d6d0b82535e6b9371319abfc4ee9feccd9b
-
SHA512
1d618eab04172e3928b93a7aaa87f2358d4b04de2702ca315797471d1c34c66f6aa51042c5e1d17a3267c65bcfad3f969acc3f50c9b91d913027e922d996da6d
-
SSDEEP
1536:Xm9r7EkrjaFIs7E5Ox6Jn8LjEwzGi1dDFDogS:Xmhjau5OYVni1dpR
Behavioral task
behavioral1
Sample
c79d7562344a4166e5a1e7698dc73ea5.exe
Resource
win7-20241010-en
Behavioral task
behavioral2
Sample
c79d7562344a4166e5a1e7698dc73ea5.exe
Resource
win10v2004-20250217-en
Malware Config
Extracted
njrat
0.7d
HacKed
hakim32.ddns.net:2000
day-snapshot.gl.at.ply.gg:32278
9769439aab3af5938a7be71cb8c8805f
-
reg_key
9769439aab3af5938a7be71cb8c8805f
-
splitter
|'|'|
Targets
-
-
Target
c79d7562344a4166e5a1e7698dc73ea5.exe
-
Njrat family
-
Modifies Windows Firewall
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Executes dropped EXE
-
Loads dropped DLL
-
Drops autorun.inf file
Malware can abuse Windows Autorun to spread further via attached volumes.
-
MITRE ATT&CK Enterprise v15
Persistence
Create or Modify System Process
Windows Service
Event Triggered Execution
Netsh Helper DLL
Privilege Escalation
Create or Modify System Process
Windows Service
Event Triggered Execution
Netsh Helper DLL