Overview

overview

10

Static

static

e24422a726...87.exe

windows7_x64

10

e24422a726...87.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    e24422a7262bea6034d20d759f6e5787

  • Size

    23KB

  • Sample

    201214-g9llc5acy2

  • MD5

    e24422a7262bea6034d20d759f6e5787

  • SHA1

    f37f1d5521e74bd04d8336624d8e0918a5f780e5

  • SHA256

    36bd6850126b5f7b37d9627f4adbabd4ea13cc5db45fbc8ead58cfa43dd0f8fc

  • SHA512

    f1eee9aac8f4dca02ab7a6b2327e8f0fd1469ae327eb5058b500816f29be47c29b96863f67f1a0f5f9b6a9a60288ae6c95d72fd13f28b3e4b61ad615a39fac48

Score
10/10
njratbaeevasionpersistencetrojan

Malware Config

Extracted

Family

njrat

Version

0.7d

Botnet

bae

C2

asasasbb.hopto.org:81

Mutex

90ea31345bb2b19708b6ad94c9a81128

Attributes
  • reg_key

    90ea31345bb2b19708b6ad94c9a81128

  • splitter

    |'|'|

Targets

    • Target

      e24422a7262bea6034d20d759f6e5787

    • Size

      23KB

    • MD5

      e24422a7262bea6034d20d759f6e5787

    • SHA1

      f37f1d5521e74bd04d8336624d8e0918a5f780e5

    • SHA256

      36bd6850126b5f7b37d9627f4adbabd4ea13cc5db45fbc8ead58cfa43dd0f8fc

    • SHA512

      f1eee9aac8f4dca02ab7a6b2327e8f0fd1469ae327eb5058b500816f29be47c29b96863f67f1a0f5f9b6a9a60288ae6c95d72fd13f28b3e4b61ad615a39fac48

    Score
    10/10
    njratbaeevasionpersistencetrojan

    • njRAT/Bladabindi

      Widely used RAT written in .NET.

      trojannjrat

    • Executes dropped EXE

    • Modifies Windows Firewall

      evasion

    • Loads dropped DLL

    • Adds Run key to start application

      persistence
    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Modify Existing Service

1
T1031

Registry Run Keys / Startup Folder

1
T1060

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks