Overview

overview

10

Static

static

B1jjiJCc.exe

windows7_x64

10

B1jjiJCc.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    B1jjiJCc.exe

  • Size

    23KB

  • Sample

    201228-a79cqsqyrs

  • MD5

    28a8a52dca43eb1e4fa40ef3b91ca37d

  • SHA1

    0d1cd0ee19cc993e9e7f52522795a7aa7afd1e44

  • SHA256

    ea5e746e22a5fea7fe514f9324088f98e6b7f7ad6c97ec972ab2667cb440ee41

  • SHA512

    3fb983b2e77dbf1f71587ccae00fde3341acb07cd3339b123acbaabbacbb5956bac5784f5443c7bbb631cec771967fb723263afbc99961f20bb96c126dd60b92

Score
10/10
njrathackedevasionpersistencetrojan

Malware Config

Extracted

Family

njrat

Version

0.7d

Botnet

HacKed

C2

xoruf.ddns.net:5552

Mutex

1178e84f8817063764244d77a8a9d851

Attributes
  • reg_key

    1178e84f8817063764244d77a8a9d851

  • splitter

    @!#&^%$

Targets

    • Target

      B1jjiJCc.exe

    • Size

      23KB

    • MD5

      28a8a52dca43eb1e4fa40ef3b91ca37d

    • SHA1

      0d1cd0ee19cc993e9e7f52522795a7aa7afd1e44

    • SHA256

      ea5e746e22a5fea7fe514f9324088f98e6b7f7ad6c97ec972ab2667cb440ee41

    • SHA512

      3fb983b2e77dbf1f71587ccae00fde3341acb07cd3339b123acbaabbacbb5956bac5784f5443c7bbb631cec771967fb723263afbc99961f20bb96c126dd60b92

    Score
    10/10
    njrathackedevasionpersistencetrojan

    • njRAT/Bladabindi

      Widely used RAT written in .NET.

      trojannjrat

    • Executes dropped EXE

    • Modifies Windows Firewall

      evasion

    • Drops startup file

    • Loads dropped DLL

    • Adds Run key to start application

      persistence
    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Modify Existing Service

1
T1031

Registry Run Keys / Startup Folder

1
T1060

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks