Overview

overview

10

Static

static

1

1372e97a93...50.png

windows10-1703-x64

10

1372e97a93...50.png

windows10-2004-x64

3

Sharing

Copy URL
Twitter E-mail

General

  • Target

    1372e97a93c00d57f2190da64fc3da50.png

  • Size

    382KB

  • Sample

    240427-17lyfsaa8t

  • MD5

    c524a42975fff5f0620931405630f712

  • SHA1

    26f971d2bbcc3d3689e02f8f44da020e8901bc1c

  • SHA256

    67d49da3a5afa1d4f8c7465ff0c8cb01f8c284ed05edb5b1c40c98e5033f9315

  • SHA512

    773bd6a5682e63bd91e685f637eb1cbebc7f3f60cdb9cb22eb0f6273bb3db72d7f286a5aaae35c812c084cc5793d694cc5e6a25c50c2b03cacdca66925968af2

  • SSDEEP

    6144:SCd0mB17dg8EH9vh4PMxIdnbtAzalkitA2KlZxP87ebNtE0zVzYnYZL6+K3ELPX/:XPB17dg8EH9JydOzalkitYfTDVzYIo4P

Score
10/10
njrathackedevasiontrojan

Malware Config

Extracted

Family

njrat

Version

0.7d

Botnet

HacKed

C2

hakim32.ddns.net:2000

127.0.0.1:5552
Mutex

042bba3290fd931399f1c25f9a00f01f

Attributes
  • reg_key

    042bba3290fd931399f1c25f9a00f01f

  • splitter

    |'|'|

Targets

    • Target

      1372e97a93c00d57f2190da64fc3da50.png

    • Size

      382KB

    • MD5

      c524a42975fff5f0620931405630f712

    • SHA1

      26f971d2bbcc3d3689e02f8f44da020e8901bc1c

    • SHA256

      67d49da3a5afa1d4f8c7465ff0c8cb01f8c284ed05edb5b1c40c98e5033f9315

    • SHA512

      773bd6a5682e63bd91e685f637eb1cbebc7f3f60cdb9cb22eb0f6273bb3db72d7f286a5aaae35c812c084cc5793d694cc5e6a25c50c2b03cacdca66925968af2

    • SSDEEP

      6144:SCd0mB17dg8EH9vh4PMxIdnbtAzalkitA2KlZxP87ebNtE0zVzYnYZL6+K3ELPX/:XPB17dg8EH9JydOzalkitYfTDVzYIo4P

    Score
    10/10
    njrathackedevasiontrojan

    • njRAT/Bladabindi

      Widely used RAT written in .NET.

      trojannjrat

    • Disables Task Manager via registry modification

      evasion

    • Modifies Windows Firewall

      evasion

    • Drops startup file

    • Executes dropped EXE

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Create or Modify System Process

1
T1543

Windows Service

1
T1543.003

Privilege Escalation

Create or Modify System Process

1
T1543

Windows Service

1
T1543.003

Defense Evasion

Impair Defenses

1
T1562

Disable or Modify System Firewall

1
T1562.004

Credential Access

Discovery

System Information Discovery

3
T1082

Query Registry

3
T1012

Peripheral Device Discovery

1
T1120

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks