Overview

overview

10

Static

static

10

BBEE2132C1...9A.exe

windows7_x64

8

BBEE2132C1...9A.exe

windows10_x64

8

Sharing

Copy URL
Twitter E-mail

General

  • Target

    BBEE2132C158E1F3CA52FECFC2E0F3AF061336E7DCE9A.exe

  • Size

    93KB

  • Sample

    210909-abgezsfcc7

  • MD5

    2fb14f79f89503e1ef4616df1ef4139e

  • SHA1

    8761ec8741c54c78f6959cf565babe76a2f321f8

  • SHA256

    bbee2132c158e1f3ca52fecfc2e0f3af061336e7dce9ad7a529191bf9d92491e

  • SHA512

    e9db04a686203a3370c9973ea7a22b0acc6291a864856cd6bf62a7b3a378e0223b49cde30c247d4392c4cee267aaf2ca5026cfbc49042722a8f77c52454763a6

Score
10/10
njratrtfevasion

Malware Config

Extracted

Family

njrat

Version

0.7d

Botnet

rtf

C2

FRANSESCOi50Y3Aubmdyb2suaW8Strik:MTQyMTQ=

Mutex

15c39336b5e94359958b4f902fa64012

Attributes
  • reg_key

    15c39336b5e94359958b4f902fa64012

  • splitter

    |'|'|

Targets

    • Target

      BBEE2132C158E1F3CA52FECFC2E0F3AF061336E7DCE9A.exe

    • Size

      93KB

    • MD5

      2fb14f79f89503e1ef4616df1ef4139e

    • SHA1

      8761ec8741c54c78f6959cf565babe76a2f321f8

    • SHA256

      bbee2132c158e1f3ca52fecfc2e0f3af061336e7dce9ad7a529191bf9d92491e

    • SHA512

      e9db04a686203a3370c9973ea7a22b0acc6291a864856cd6bf62a7b3a378e0223b49cde30c247d4392c4cee267aaf2ca5026cfbc49042722a8f77c52454763a6

    Score
    8/10
    evasion

    • Disables Task Manager via registry modification

      evasion

    • Modifies Windows Firewall

      evasion

    • Drops startup file

    • Drops autorun.inf file

      Malware can abuse Windows Autorun to spread further via attached volumes.

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Replication Through Removable Media

1
T1091

Execution

Persistence

Modify Existing Service

1
T1031

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Replication Through Removable Media

1
T1091

Collection

Exfiltration

Command and Control

Impact

Tasks