Overview

overview

10

Static

static

1VG2GyDy.exe

windows7_x64

10

1VG2GyDy.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    1VG2GyDy.exe

  • Size

    23KB

  • Sample

    201223-2f94b684ts

  • MD5

    3ec3b32cc2f8d5b71b8a697840633170

  • SHA1

    23bbf2d4a77abc01eb5af83e8ae120d4ae36b9fa

  • SHA256

    476679732c3c164813c683fb7e6f75ef6e4cb314250a4227421ce7dced010eb3

  • SHA512

    ad7160f26a3aec4c71572c5a77d0193810ba1f2d09b476a21c38aed4ed3a49f9737b3085fe8b5e81bd9219cfdd3e83790a44fb2b9930b97e0e3d4cd8b40d59d3

Score
10/10
njrathackedevasionpersistencetrojan

Malware Config

Extracted

Family

njrat

Version

0.7d

Botnet

HacKed

C2

103.45.182.184:5552

Mutex

3a731f9a5537d3d4edee6a499ba30e6b

Attributes
  • reg_key

    3a731f9a5537d3d4edee6a499ba30e6b

  • splitter

    |'|'|

Targets

    • Target

      1VG2GyDy.exe

    • Size

      23KB

    • MD5

      3ec3b32cc2f8d5b71b8a697840633170

    • SHA1

      23bbf2d4a77abc01eb5af83e8ae120d4ae36b9fa

    • SHA256

      476679732c3c164813c683fb7e6f75ef6e4cb314250a4227421ce7dced010eb3

    • SHA512

      ad7160f26a3aec4c71572c5a77d0193810ba1f2d09b476a21c38aed4ed3a49f9737b3085fe8b5e81bd9219cfdd3e83790a44fb2b9930b97e0e3d4cd8b40d59d3

    Score
    10/10
    njrathackedevasionpersistencetrojan

    • njRAT/Bladabindi

      Widely used RAT written in .NET.

      trojannjrat

    • Executes dropped EXE

    • Modifies Windows Firewall

      evasion

    • Loads dropped DLL

    • Adds Run key to start application

      persistence
    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Modify Existing Service

1
T1031

Registry Run Keys / Startup Folder

1
T1060

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks