General

  • Target

    2025-07-02_e6f9ec45d3eccd3548de9c932535149b_elex_stop

  • Size

    833KB

  • Sample

    250702-xllh1s1jt3

  • MD5

    e6f9ec45d3eccd3548de9c932535149b

  • SHA1

    4fe7c9ae14e0e6b5b33c12d07a42bb9fb578bbf0

  • SHA256

    77e8df4dc20ff4d8b15ff464061c71447e20c14a51ee6bf5344a11fddbc3c1c6

  • SHA512

    cb41445b92b334e8c3614e3fd93bf3b039b33866f7deb8459209608a6e89735233bdeb77f84783d675cb1104e98d0a15ba11a174bb7441b6c752cb131da09960

  • SSDEEP

    12288:jH7Wcjdc/r2sxxiPGGAOOPSXDV8ClgVYhX5FSslidHc5/DjREmVfvy47aSQ:jbCj2sObHtqQEdHcRDjCmVfq4ed

Malware Config

Extracted

Family

njrat

Version

0.7d

Botnet

jjj

C2

youri.mooo.com:1605

Mutex

e936a10f968ac948cd351c9629dbd36d

Attributes
  • reg_key

    e936a10f968ac948cd351c9629dbd36d

  • splitter

    |'|'|

Targets

    • Target

      2025-07-02_e6f9ec45d3eccd3548de9c932535149b_elex_stop

    • Size

      833KB

    • MD5

      e6f9ec45d3eccd3548de9c932535149b

    • SHA1

      4fe7c9ae14e0e6b5b33c12d07a42bb9fb578bbf0

    • SHA256

      77e8df4dc20ff4d8b15ff464061c71447e20c14a51ee6bf5344a11fddbc3c1c6

    • SHA512

      cb41445b92b334e8c3614e3fd93bf3b039b33866f7deb8459209608a6e89735233bdeb77f84783d675cb1104e98d0a15ba11a174bb7441b6c752cb131da09960

    • SSDEEP

      12288:jH7Wcjdc/r2sxxiPGGAOOPSXDV8ClgVYhX5FSslidHc5/DjREmVfvy47aSQ:jbCj2sObHtqQEdHcRDjCmVfq4ed

    • Njrat family

    • njRAT/Bladabindi

      Widely used RAT written in .NET.

    • Modifies Windows Firewall

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Adds Run key to start application

    • AutoIT Executable

      AutoIT scripts compiled to PE executables.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v16

Tasks