Overview

overview

10

Static

static

50ebed086e...d8.exe

windows7_x64

10

50ebed086e...d8.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    50ebed086e84460278fdc76569f77dd8

  • Size

    23KB

  • Sample

    201214-fampbwbc7e

  • MD5

    50ebed086e84460278fdc76569f77dd8

  • SHA1

    7fddfcde981473aa1a01ba75bc378b0a5e21decb

  • SHA256

    14f837bcd3aee5cfc35e4f7d09dab2f92248f588936c12cd0388419528e84165

  • SHA512

    39f61925b794df1c76318422a283ac9d07d9afa2bf68908f8fb0c772b098bea80db26eedfaaad60dba6e2eb504148c519b35a9a94407ede99bc45a35b0b9b1c8

Score
10/10
njrathackedevasionpersistencetrojan

Malware Config

Extracted

Family

njrat

Version

0.7d

Botnet

HacKed

C2

son1.ddns.net:1177

Mutex

1b1073521708658cc521193d85ed3567

Attributes
  • reg_key

    1b1073521708658cc521193d85ed3567

  • splitter

    |'|'|

Targets

    • Target

      50ebed086e84460278fdc76569f77dd8

    • Size

      23KB

    • MD5

      50ebed086e84460278fdc76569f77dd8

    • SHA1

      7fddfcde981473aa1a01ba75bc378b0a5e21decb

    • SHA256

      14f837bcd3aee5cfc35e4f7d09dab2f92248f588936c12cd0388419528e84165

    • SHA512

      39f61925b794df1c76318422a283ac9d07d9afa2bf68908f8fb0c772b098bea80db26eedfaaad60dba6e2eb504148c519b35a9a94407ede99bc45a35b0b9b1c8

    Score
    10/10
    njrathackedevasionpersistencetrojan

    • njRAT/Bladabindi

      Widely used RAT written in .NET.

      trojannjrat

    • Executes dropped EXE

    • Modifies Windows Firewall

      evasion

    • Loads dropped DLL

    • Adds Run key to start application

      persistence
    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Modify Existing Service

1
T1031

Registry Run Keys / Startup Folder

1
T1060

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks