Overview

overview

10

Static

static

tools.exe

windows7_x64

10

tools.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    tools.exe

  • Size

    31KB

  • Sample

    210803-a4xdcgtj6s

  • MD5

    49b8f905867aded45f1f5b3c9bd84209

  • SHA1

    0a87788428778dba567623ccc9be6825eba4b7c7

  • SHA256

    02883009e7e310bf670bff6336cb6c05c5ecfe0b40274a99b769e8fbfae19ad3

  • SHA512

    1c9d2b7bb3948ad8f3cae541602575b9eacc2a212ab0a6e7c148a24a72e36986e4c46d646244837dc3ea7c71f3db90629f7ee68ef18565d67f93d1f801308361

Score
10/10
njrathackevasionpersistencetrojan

Malware Config

Extracted

Family

njrat

Version

0.7d

Botnet

HACK

C2

43.229.151.64:5552

Mutex

6825da1e045502b22d4b02d4028214ab

Attributes
  • reg_key

    6825da1e045502b22d4b02d4028214ab

  • splitter

    Y262SUCZ4UJJ

Targets

    • Target

      tools.exe

    • Size

      31KB

    • MD5

      49b8f905867aded45f1f5b3c9bd84209

    • SHA1

      0a87788428778dba567623ccc9be6825eba4b7c7

    • SHA256

      02883009e7e310bf670bff6336cb6c05c5ecfe0b40274a99b769e8fbfae19ad3

    • SHA512

      1c9d2b7bb3948ad8f3cae541602575b9eacc2a212ab0a6e7c148a24a72e36986e4c46d646244837dc3ea7c71f3db90629f7ee68ef18565d67f93d1f801308361

    Score
    10/10
    njrathackevasionpersistencetrojan

    • njRAT/Bladabindi

      Widely used RAT written in .NET.

      trojannjrat

    • Executes dropped EXE

    • Modifies Windows Firewall

      evasion

    • Drops startup file

    • Loads dropped DLL

    • Adds Run key to start application

      persistence
    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Modify Existing Service

1
T1031

Registry Run Keys / Startup Folder

1
T1060

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks