Overview

overview

10

Static

static

084Fxy9f.exe

windows7_x64

10

084Fxy9f.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    084Fxy9f.exe

  • Size

    182KB

  • Sample

    201223-wd213rys92

  • MD5

    03f42fa4bb4551157d493df896904f6d

  • SHA1

    70fc59125cde458b573fa3394e95b50ae08c0728

  • SHA256

    782818678a45e29fa285a560b0e3cb2aa9cd766fbeb228cf97eabdb712a03008

  • SHA512

    a39669af4a3bdfc853c458272c19171f90075f9debc833a7f3b29f67604c67522f9d9bca33ff9aa0bda3d8c50c4b1db8468b4894b05c58935998d5586d8dced2

Score
10/10
njrathackedevasionpersistencetrojan

Malware Config

Extracted

Family

njrat

Version

0.7d

Botnet

HacKed

C2

154.202.3.84:5552

Mutex

c0792765cb20555a6d17a1641ac2d34e

Attributes
  • reg_key

    c0792765cb20555a6d17a1641ac2d34e

  • splitter

    |'|'|

Targets

    • Target

      084Fxy9f.exe

    • Size

      182KB

    • MD5

      03f42fa4bb4551157d493df896904f6d

    • SHA1

      70fc59125cde458b573fa3394e95b50ae08c0728

    • SHA256

      782818678a45e29fa285a560b0e3cb2aa9cd766fbeb228cf97eabdb712a03008

    • SHA512

      a39669af4a3bdfc853c458272c19171f90075f9debc833a7f3b29f67604c67522f9d9bca33ff9aa0bda3d8c50c4b1db8468b4894b05c58935998d5586d8dced2

    Score
    10/10
    njrathackedevasionpersistencetrojan

    • njRAT/Bladabindi

      Widely used RAT written in .NET.

      trojannjrat

    • Executes dropped EXE

    • Modifies Windows Firewall

      evasion

    • Adds Run key to start application

      persistence
    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Modify Existing Service

1
T1031

Registry Run Keys / Startup Folder

1
T1060

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks