Overview

overview

10

Static

static

E09X22g2.exe

windows7_x64

10

E09X22g2.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    E09X22g2.exe

  • Size

    184KB

  • Sample

    201217-3ajrbzk1h2

  • MD5

    000579e232064ea6e4e9fd1ce870361d

  • SHA1

    bcac8e8517c843f199a962751b4a8987b991ab3b

  • SHA256

    8d723d2727c63c207d3e3716f0d246d52bbbb4d400ee4048ab9fd99a5aba114d

  • SHA512

    3df6c9b1c33b3392bcc41b1af9e010e1e41515a132f1d0af078d29182eaeae0e5f2ca375a997232a1ed99cad863cba8bd2f651c055234757da494c9232132022

Score
10/10
njratoffice365crackevasionpersistencetrojan

Malware Config

Extracted

Family

njrat

Version

Haf4me

Botnet

office365crack

C2

183.111.171.219:4444

Mutex

428ec06e05bf9ee28c0f7f01b5476028

Attributes
  • reg_key

    428ec06e05bf9ee28c0f7f01b5476028

  • splitter

    |'|'|

Targets

    • Target

      E09X22g2.exe

    • Size

      184KB

    • MD5

      000579e232064ea6e4e9fd1ce870361d

    • SHA1

      bcac8e8517c843f199a962751b4a8987b991ab3b

    • SHA256

      8d723d2727c63c207d3e3716f0d246d52bbbb4d400ee4048ab9fd99a5aba114d

    • SHA512

      3df6c9b1c33b3392bcc41b1af9e010e1e41515a132f1d0af078d29182eaeae0e5f2ca375a997232a1ed99cad863cba8bd2f651c055234757da494c9232132022

    Score
    10/10
    njratoffice365crackevasionpersistencetrojan

    • njRAT/Bladabindi

      Widely used RAT written in .NET.

      trojannjrat

    • Executes dropped EXE

    • Modifies Windows Firewall

      evasion

    • Drops startup file

    • Loads dropped DLL

    • Adds Run key to start application

      persistence
    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Modify Existing Service

1
T1031

Registry Run Keys / Startup Folder

1
T1060

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks