Overview

overview

10

Static

static

7

PBHACK.exe

windows7_x64

10

PBHACK.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    PBHACK.exe

  • Size

    1.3MB

  • Sample

    210719-exrtrx9536

  • MD5

    a5ed586c6aa4674092bb6bd521affddd

  • SHA1

    cd0034fafdcab582fa4b12ff2c5bbdceeca62533

  • SHA256

    c2bea2d868e82aacc04296992cd63a14383592c225b868eaf0609299557c55a2

  • SHA512

    f1b54ed8f3031dd36c01bd16580f673f004c9f68c8749e5c20b12b2cf65e780140aeddbe2a2d20f6ca787759bf3563a3cbe2d37f02937dbc46ab2615932d8a24

Score
10/10
njratpbhackagilenetevasionpersistencetrojan

Malware Config

Extracted

Family

njrat

Version

0.7d

Botnet

PBHACK

C2

zetsubranco.duckdns.org:1177

Mutex

043f16f4cc1323e18d4d845c634e9302

Attributes
  • reg_key

    043f16f4cc1323e18d4d845c634e9302

  • splitter

    |'|'|

Targets

    • Target

      PBHACK.exe

    • Size

      1.3MB

    • MD5

      a5ed586c6aa4674092bb6bd521affddd

    • SHA1

      cd0034fafdcab582fa4b12ff2c5bbdceeca62533

    • SHA256

      c2bea2d868e82aacc04296992cd63a14383592c225b868eaf0609299557c55a2

    • SHA512

      f1b54ed8f3031dd36c01bd16580f673f004c9f68c8749e5c20b12b2cf65e780140aeddbe2a2d20f6ca787759bf3563a3cbe2d37f02937dbc46ab2615932d8a24

    Score
    10/10
    njratpbhackagilenetevasionpersistencetrojan

    • njRAT/Bladabindi

      Widely used RAT written in .NET.

      trojannjrat

    • Executes dropped EXE

    • Modifies Windows Firewall

      evasion

    • Drops startup file

    • Loads dropped DLL

    • Obfuscated with Agile.Net obfuscator

      Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.

      agilenet

    • Adds Run key to start application

      persistence
    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Modify Existing Service

1
T1031

Registry Run Keys / Startup Folder

1
T1060

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks