Overview

overview

10

Static

static

2764363369...34.exe

windows7_x64

10

2764363369...34.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    27643633696fa248a0b4c71e49615434.exe

  • Size

    31KB

  • Sample

    210507-6s3nncjwvs

  • MD5

    27643633696fa248a0b4c71e49615434

  • SHA1

    649381492b07b574498b09fb8660594c01051860

  • SHA256

    8a6cb8e4c30304c28e48f7b231566f6cb6b0003f333ad391182d9e60ad822f81

  • SHA512

    a2d429ae10f5f1011d46f11599ee436b3497fda11910d8f10cba2508386b340da44d046925bbe419a26fe19b0bfb93eadb5f4458977f14dbd09b17f119845f5e

Score
10/10
njratmybotevasiontrojan

Malware Config

Extracted

Family

njrat

Version

0.7d

Botnet

MyBot

C2

4.tcp.ngrok.io:13423

Mutex

5b1aa42c8adf5af0231d2d07c548dec2

Attributes
  • reg_key

    5b1aa42c8adf5af0231d2d07c548dec2

  • splitter

    Y262SUCZ4UJJ

Targets

    • Target

      27643633696fa248a0b4c71e49615434.exe

    • Size

      31KB

    • MD5

      27643633696fa248a0b4c71e49615434

    • SHA1

      649381492b07b574498b09fb8660594c01051860

    • SHA256

      8a6cb8e4c30304c28e48f7b231566f6cb6b0003f333ad391182d9e60ad822f81

    • SHA512

      a2d429ae10f5f1011d46f11599ee436b3497fda11910d8f10cba2508386b340da44d046925bbe419a26fe19b0bfb93eadb5f4458977f14dbd09b17f119845f5e

    Score
    10/10
    njratmybotevasiontrojan

    • njRAT/Bladabindi

      Widely used RAT written in .NET.

      trojannjrat

    • Executes dropped EXE

    • Modifies Windows Firewall

      evasion

    • Loads dropped DLL

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Modify Existing Service

1
T1031

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks