Overview

overview

10

Static

static

10

08B2E926B9...D0.exe

windows7_x64

10

08B2E926B9...D0.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    08B2E926B95DD3A599AF3A697C3D9B1512586A2587AD0.exe

  • Size

    23KB

  • Sample

    210908-rlp9bahggq

  • MD5

    755bd609b015768d247077ccbf2a407a

  • SHA1

    3484d468c4bda04f6c370118d03ab3ee5d1c43d0

  • SHA256

    08b2e926b95dd3a599af3a697c3d9b1512586a2587ad08d56b0ee4256fd33db1

  • SHA512

    cbe706d7daf9167112257761085bc5fab214dae27a6637c1b9dcbdd6d539e7893a049c4c7a1c457cd668e14dc03b0352c4311918d8cf19cf4973da4ccdddc3c2

Score
10/10
njrathackedevasionpersistencesuricatatrojan

Malware Config

Extracted

Family

njrat

Version

0.7d

Botnet

HacKed

C2

win08.zapto.org:84

Mutex

79627ac12211c58cdd3a218a06264901

Attributes
  • reg_key

    79627ac12211c58cdd3a218a06264901

  • splitter

    |'|'|

Targets

    • Target

      08B2E926B95DD3A599AF3A697C3D9B1512586A2587AD0.exe

    • Size

      23KB

    • MD5

      755bd609b015768d247077ccbf2a407a

    • SHA1

      3484d468c4bda04f6c370118d03ab3ee5d1c43d0

    • SHA256

      08b2e926b95dd3a599af3a697c3d9b1512586a2587ad08d56b0ee4256fd33db1

    • SHA512

      cbe706d7daf9167112257761085bc5fab214dae27a6637c1b9dcbdd6d539e7893a049c4c7a1c457cd668e14dc03b0352c4311918d8cf19cf4973da4ccdddc3c2

    Score
    10/10
    njrathackedevasionpersistencesuricatatrojan

    • njRAT/Bladabindi

      Widely used RAT written in .NET.

      trojannjrat

    • suricata: ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)

      suricata: ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)

      suricata

    • Executes dropped EXE

    • Modifies Windows Firewall

      evasion

    • Drops startup file

    • Loads dropped DLL

    • Adds Run key to start application

      persistence
    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Modify Existing Service

1
T1031

Registry Run Keys / Startup Folder

1
T1060

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks