Overview

overview

10

Static

static

OrderReque...td.exe

windows7_x64

10

OrderReque...td.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    OrderRequest29032021_BituChemLtd.exe

  • Size

    363KB

  • Sample

    210329-sj3qn1y39x

  • MD5

    5668a086e3c47ec9cdb8c02b36fd3395

  • SHA1

    263b69b49ad9ab8237f706f91f42ff889d939f61

  • SHA256

    4b1cbc04c8e1b83928148304d772cbf7c55b7aaedf520720b2bf2a6a77fd34a3

  • SHA512

    12d8b17d413cbe4fd3853f548db9984175c0d90385b2ea6b9b6ba37672ae90f31f44f33ac242654e144a54806eab08ce6b43da7581b6daf5e6a2e3decfa41c7e

Score
10/10
njrat2021$$$evasionpersistencetrojan

Malware Config

Extracted

Family

njrat

Version

0.7d

Botnet

2021$$$

C2

194.5.98.210:4040

Mutex

0ef5de3f5b1fb89677ba03e41fa0a05a

Attributes
  • reg_key

    0ef5de3f5b1fb89677ba03e41fa0a05a

  • splitter

    |'|'|

Targets

    • Target

      OrderRequest29032021_BituChemLtd.exe

    • Size

      363KB

    • MD5

      5668a086e3c47ec9cdb8c02b36fd3395

    • SHA1

      263b69b49ad9ab8237f706f91f42ff889d939f61

    • SHA256

      4b1cbc04c8e1b83928148304d772cbf7c55b7aaedf520720b2bf2a6a77fd34a3

    • SHA512

      12d8b17d413cbe4fd3853f548db9984175c0d90385b2ea6b9b6ba37672ae90f31f44f33ac242654e144a54806eab08ce6b43da7581b6daf5e6a2e3decfa41c7e

    Score
    10/10
    njrat2021$$$evasionpersistencetrojan

    • njRAT/Bladabindi

      Widely used RAT written in .NET.

      trojannjrat

    • Executes dropped EXE

    • Modifies Windows Firewall

      evasion

    • Drops startup file

    • Loads dropped DLL

    • Adds Run key to start application

      persistence

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Modify Existing Service

1
T1031

Registry Run Keys / Startup Folder

1
T1060

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks