Overview

overview

10

Static

static

5916EAC72F...0C.exe

windows7_x64

10

5916EAC72F...0C.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    5916EAC72F7396EDFF49CAD9DCD8D80C.exe

  • Size

    120KB

  • Sample

    210901-rmaabn9ma2

  • MD5

    5916eac72f7396edff49cad9dcd8d80c

  • SHA1

    8e49c5a46c86c239ea314513ef80e0e275541e19

  • SHA256

    b13fbd200b38f02c0278e54483e641a2cfb41acd1a90bed78ac8791d0c1cf5b2

  • SHA512

    e584db22f6f01714f32061846d4ee26e400889c984aef744a73a66a5f4b1a6bace6906f55b48bb45a7aaa8677f0a51b8aabc9536216632abaa0480983038dff9

Score
10/10
njrathackedevasionpersistencetrojan

Malware Config

Extracted

Family

njrat

Version

v2.0

Botnet

HacKed

C2

107.152.99.41:54893

Mutex

Windows

Attributes
  • reg_key

    Windows

  • splitter

    |-F-|

Targets

    • Target

      5916EAC72F7396EDFF49CAD9DCD8D80C.exe

    • Size

      120KB

    • MD5

      5916eac72f7396edff49cad9dcd8d80c

    • SHA1

      8e49c5a46c86c239ea314513ef80e0e275541e19

    • SHA256

      b13fbd200b38f02c0278e54483e641a2cfb41acd1a90bed78ac8791d0c1cf5b2

    • SHA512

      e584db22f6f01714f32061846d4ee26e400889c984aef744a73a66a5f4b1a6bace6906f55b48bb45a7aaa8677f0a51b8aabc9536216632abaa0480983038dff9

    Score
    10/10
    njrathackedevasionpersistencetrojan

    • njRAT/Bladabindi

      Widely used RAT written in .NET.

      trojannjrat

    • Executes dropped EXE

    • Modifies Windows Firewall

      evasion

    • Drops startup file

    • Adds Run key to start application

      persistence
    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Modify Existing Service

1
T1031

Registry Run Keys / Startup Folder

1
T1060

Hidden Files and Directories

1
T1158

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Hidden Files and Directories

1
T1158

Credential Access

Discovery

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks