Overview

overview

10

Static

static

59B45EF1DA...D1.exe

windows7_x64

59B45EF1DA...D1.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    59B45EF1DA7D5DD6D2CB29796794FAE90F67F13566DD1.exe

  • Size

    884KB

  • Sample

    210905-yd4kashge4

  • MD5

    c865447ddf5a946a5663c824ec3a8f28

  • SHA1

    dd713980b874a10f6eb1c8e4cf6343e2d28afa8f

  • SHA256

    59b45ef1da7d5dd6d2cb29796794fae90f67f13566dd15864fe4a65e42b9d7b7

  • SHA512

    5238aef22f795be8c1ab5afbae5e5f9f5a3e07880dada27ce353438c147fab09a4f1b51529b391d3dbdffa177120a90af97a1431b7b9b2dc4007a2edfcccc6fb

Score
10/10
njratskypepersistencetrojan

Malware Config

Extracted

Family

njrat

Version

0.7.3

Botnet

SKYPE

C2

browserskype.duckdns.org:2024

Mutex

CNAODt.exe

Attributes
  • reg_key

    CNAODt.exe

  • splitter

    zaq1

Targets

    • Target

      59B45EF1DA7D5DD6D2CB29796794FAE90F67F13566DD1.exe

    • Size

      884KB

    • MD5

      c865447ddf5a946a5663c824ec3a8f28

    • SHA1

      dd713980b874a10f6eb1c8e4cf6343e2d28afa8f

    • SHA256

      59b45ef1da7d5dd6d2cb29796794fae90f67f13566dd15864fe4a65e42b9d7b7

    • SHA512

      5238aef22f795be8c1ab5afbae5e5f9f5a3e07880dada27ce353438c147fab09a4f1b51529b391d3dbdffa177120a90af97a1431b7b9b2dc4007a2edfcccc6fb

    Score
    10/10
    njratskypepersistencetrojan

    • njRAT/Bladabindi

      Widely used RAT written in .NET.

      trojannjrat

    • Adds Run key to start application

      persistence

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

1
T1060

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks