Overview

overview

10

Static

static

0deYeauE.exe

windows7_x64

10

0deYeauE.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    0deYeauE.exe

  • Size

    23KB

  • Sample

    210102-7cvr7fkz3e

  • MD5

    88976018f61870784cc2fb1483302786

  • SHA1

    feeb5746d9ce5220c33554481f037be68189a504

  • SHA256

    3a6cd04a3598e161e9b0c5cc80df7902e6e4d5cb1f47247682cd4b785a2f7b8a

  • SHA512

    a1a88d2f28aca6315cbd70e5469c921cbd8e0407fa875b8ee8945a9c076caa4043fe8f7bdfeec43d9cadde8bc030cf95d27fc3bf9b5b138a403a171c68979ce2

Score
10/10
njrathollaevasionpersistencetrojan

Malware Config

Extracted

Family

njrat

Version

0.7d

Botnet

holla

C2

jadory11.ddns.net:1177

Mutex

df7d92fe2d31c000f0a9d24717414079

Attributes
  • reg_key

    df7d92fe2d31c000f0a9d24717414079

  • splitter

    |'|'|

Targets

    • Target

      0deYeauE.exe

    • Size

      23KB

    • MD5

      88976018f61870784cc2fb1483302786

    • SHA1

      feeb5746d9ce5220c33554481f037be68189a504

    • SHA256

      3a6cd04a3598e161e9b0c5cc80df7902e6e4d5cb1f47247682cd4b785a2f7b8a

    • SHA512

      a1a88d2f28aca6315cbd70e5469c921cbd8e0407fa875b8ee8945a9c076caa4043fe8f7bdfeec43d9cadde8bc030cf95d27fc3bf9b5b138a403a171c68979ce2

    Score
    10/10
    njrathollaevasionpersistencetrojan

    • njRAT/Bladabindi

      Widely used RAT written in .NET.

      trojannjrat

    • Executes dropped EXE

    • Modifies Windows Firewall

      evasion

    • Loads dropped DLL

    • Adds Run key to start application

      persistence
    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Modify Existing Service

1
T1031

Registry Run Keys / Startup Folder

1
T1060

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks