Overview

overview

10

Static

static

S004-3664565-pdf.exe

windows7_x64

10

S004-3664565-pdf.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    S004-3664565-pdf.exe

  • Size

    298KB

  • Sample

    210412-wvtxh5khpj

  • MD5

    47dc4ca4a458ec3b47e4c73311f39b98

  • SHA1

    0dd7495d2900aef8c03fe3e09eef0fa758619c9b

  • SHA256

    e8aa1d569976cfe238848da7f84e6ecc042f7864d9de6533988d6777d334ade5

  • SHA512

    7e0772feea9f8a7860be3b80625533ec93d7ec7e84b03b8c651d56e6b0e9983e967c2c30b80fcac79962053073adf74f127a91b68e2eb235224c4a429fe1c71b

Score
10/10
njrat2021$$$agilenetevasionpersistencetrojan

Malware Config

Extracted

Family

njrat

Version

0.7d

Botnet

2021$$$

C2

194.5.98.210:4040

Mutex

0ef5de3f5b1fb89677ba03e41fa0a05a

Attributes
  • reg_key

    0ef5de3f5b1fb89677ba03e41fa0a05a

  • splitter

    |'|'|

Targets

    • Target

      S004-3664565-pdf.exe

    • Size

      298KB

    • MD5

      47dc4ca4a458ec3b47e4c73311f39b98

    • SHA1

      0dd7495d2900aef8c03fe3e09eef0fa758619c9b

    • SHA256

      e8aa1d569976cfe238848da7f84e6ecc042f7864d9de6533988d6777d334ade5

    • SHA512

      7e0772feea9f8a7860be3b80625533ec93d7ec7e84b03b8c651d56e6b0e9983e967c2c30b80fcac79962053073adf74f127a91b68e2eb235224c4a429fe1c71b

    Score
    10/10
    njrat2021$$$agilenetevasionpersistencetrojan

    • njRAT/Bladabindi

      Widely used RAT written in .NET.

      trojannjrat

    • Executes dropped EXE

    • Modifies Windows Firewall

      evasion

    • Drops startup file

    • Loads dropped DLL

    • Obfuscated with Agile.Net obfuscator

      Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.

      agilenet

    • Adds Run key to start application

      persistence

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Modify Existing Service

1
T1031

Registry Run Keys / Startup Folder

1
T1060

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks