Overview

overview

10

Static

static

SecuriteIn...26.exe

windows7_x64

10

SecuriteIn...26.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    SecuriteInfo.com.ArtemisCCFFA416D71A.3757.1626

  • Size

    919KB

  • Sample

    210712-eq3beqyl2n

  • MD5

    ccffa416d71ae9cec2a09136a87a656e

  • SHA1

    06ed67baace03cb08ac03b4b7ede85f716cd683f

  • SHA256

    5750ac496c4e8a62e2f46af468ec5a2fdbfd9e13c681644f5d1f2269e3458aad

  • SHA512

    89d6f9f18191e91f74d697bccd1a02885866834c95759bef8811e32fb675bfcb14db4ad47a9c704dc825ffec7e2a4d2e960b112d2bbb050bb3b3dfd3675f3e4f

Score
10/10
njrat2021$$$agilenetevasionpersistencetrojan

Malware Config

Extracted

Family

njrat

Version

0.7d

Botnet

2021$$$

C2

194.5.98.210:4040

Mutex

0ef5de3f5b1fb89677ba03e41fa0a05a

Attributes
  • reg_key

    0ef5de3f5b1fb89677ba03e41fa0a05a

  • splitter

    |'|'|

Targets

    • Target

      SecuriteInfo.com.ArtemisCCFFA416D71A.3757.1626

    • Size

      919KB

    • MD5

      ccffa416d71ae9cec2a09136a87a656e

    • SHA1

      06ed67baace03cb08ac03b4b7ede85f716cd683f

    • SHA256

      5750ac496c4e8a62e2f46af468ec5a2fdbfd9e13c681644f5d1f2269e3458aad

    • SHA512

      89d6f9f18191e91f74d697bccd1a02885866834c95759bef8811e32fb675bfcb14db4ad47a9c704dc825ffec7e2a4d2e960b112d2bbb050bb3b3dfd3675f3e4f

    Score
    10/10
    njrat2021$$$agilenetevasionpersistencetrojan

    • njRAT/Bladabindi

      Widely used RAT written in .NET.

      trojannjrat

    • Executes dropped EXE

    • Modifies Windows Firewall

      evasion

    • Drops startup file

    • Loads dropped DLL

    • Obfuscated with Agile.Net obfuscator

      Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.

      agilenet

    • Adds Run key to start application

      persistence

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Modify Existing Service

1
T1031

Registry Run Keys / Startup Folder

1
T1060

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks