Overview

overview

10

Static

static

b62b55b6ff...77.exe

windows7_x64

10

b62b55b6ff...77.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    b62b55b6ffff01b6540348967c9f7b1361ffb5e860c2559ad00ef77036685277

  • Size

    26KB

  • Sample

    210228-ykzymn4kws

  • MD5

    043335fcd3a8b4b6d85861b9e5c27b74

  • SHA1

    567bb55395160fd165bdd6ba17176399cb54bc58

  • SHA256

    b62b55b6ffff01b6540348967c9f7b1361ffb5e860c2559ad00ef77036685277

  • SHA512

    426521fc7888079b97e91a3a4d4b1bcc29f5bc0a914ded979970f3b22c625866c26123ff9f0c6baca85abb5fbd5e9b0d053277402d111b343fc11b87fba93529

Score
10/10
njrathackedevasionpersistencetrojan

Malware Config

Extracted

Family

njrat

Version

0.7d

Botnet

HacKed

C2

192.168.7.108:1177

Mutex

017c060db3a2fd47416ea61ee39f9282

Attributes
  • reg_key

    017c060db3a2fd47416ea61ee39f9282

  • splitter

    |'|'|

Targets

    • Target

      b62b55b6ffff01b6540348967c9f7b1361ffb5e860c2559ad00ef77036685277

    • Size

      26KB

    • MD5

      043335fcd3a8b4b6d85861b9e5c27b74

    • SHA1

      567bb55395160fd165bdd6ba17176399cb54bc58

    • SHA256

      b62b55b6ffff01b6540348967c9f7b1361ffb5e860c2559ad00ef77036685277

    • SHA512

      426521fc7888079b97e91a3a4d4b1bcc29f5bc0a914ded979970f3b22c625866c26123ff9f0c6baca85abb5fbd5e9b0d053277402d111b343fc11b87fba93529

    Score
    10/10
    njrathackedevasionpersistencetrojan

    • njRAT/Bladabindi

      Widely used RAT written in .NET.

      trojannjrat

    • Executes dropped EXE

    • Modifies Windows Firewall

      evasion

    • Adds Run key to start application

      persistence
    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Modify Existing Service

1
T1031

Registry Run Keys / Startup Folder

1
T1060

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks