Overview

overview

10

Static

static

2AD561E9BB...32.exe

windows7_x64

10

2AD561E9BB...32.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    2AD561E9BB9F780F56D5E7A280574432.exe

  • Size

    375KB

  • Sample

    210813-a2p51fw96x

  • MD5

    2ad561e9bb9f780f56d5e7a280574432

  • SHA1

    e6bc833d62ef0ec1e08674a0a8707e3ce2f09007

  • SHA256

    54f33fa555874b30e6045c4bfd467779b0683e1bcafb69d0987c59019203c9d3

  • SHA512

    8b74c1f6df444ce101102e3b036e2f77c9e0b1ebb085db2de8e45905ab10b47c845040548901632c130c4db6b4403a5905d864c461cb9bed6cd5fe49fc0ce064

Score
10/10
njrathackedevasionpersistencesuricatatrojan

Malware Config

Extracted

Family

njrat

Version

0.7d

Botnet

HacKed

C2

212.192.241.42:5552

Mutex

34adf4afddd35097c6bf7951c5baad3a

Attributes
  • reg_key

    34adf4afddd35097c6bf7951c5baad3a

  • splitter

    |'|'|

Targets

    • Target

      2AD561E9BB9F780F56D5E7A280574432.exe

    • Size

      375KB

    • MD5

      2ad561e9bb9f780f56d5e7a280574432

    • SHA1

      e6bc833d62ef0ec1e08674a0a8707e3ce2f09007

    • SHA256

      54f33fa555874b30e6045c4bfd467779b0683e1bcafb69d0987c59019203c9d3

    • SHA512

      8b74c1f6df444ce101102e3b036e2f77c9e0b1ebb085db2de8e45905ab10b47c845040548901632c130c4db6b4403a5905d864c461cb9bed6cd5fe49fc0ce064

    Score
    10/10
    persistencenjrathackedevasionsuricatatrojan

    • Modifies WinLogon for persistence

      persistence

    • njRAT/Bladabindi

      Widely used RAT written in .NET.

      trojannjrat

    • suricata: ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)

      suricata: ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)

      suricata

    • Executes dropped EXE

    • Modifies Windows Firewall

      evasion

    • Drops startup file

    • Adds Run key to start application

      persistence

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks