Overview

overview

10

Static

static

10

4.ex.exe

windows7_x64

10

4.ex.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    4.ex

  • Size

    23KB

  • Sample

    210910-ps96ysaba9

  • MD5

    5a5913f5e716b5e77308de165ec9cad2

  • SHA1

    475542ce79804f08f5e46127228b48cf95d08786

  • SHA256

    cb002303aebb1d369d369c47c96a27ee5d6597ed6cf7693ad633f573da25f4cd

  • SHA512

    3e77b4cd2e7380ab3fbd61f432613c3ace3583e88d21deae14c409f20bd2fca84f2054e3cfd91ca75ecbf99829398d322425e978fa02d99c424a1d2057ae3ff5

Score
10/10
njratsystem exporerevasionpersistencetrojan

Malware Config

Extracted

Family

njrat

Version

0.7d

Botnet

System Exporer

C2

subscribedao3001.hopto.org:3001

Mutex

ab812c7bd0447f8878bc9c41022ce9f9

Attributes
  • reg_key

    ab812c7bd0447f8878bc9c41022ce9f9

  • splitter

    |'|'|

Targets

    • Target

      4.ex

    • Size

      23KB

    • MD5

      5a5913f5e716b5e77308de165ec9cad2

    • SHA1

      475542ce79804f08f5e46127228b48cf95d08786

    • SHA256

      cb002303aebb1d369d369c47c96a27ee5d6597ed6cf7693ad633f573da25f4cd

    • SHA512

      3e77b4cd2e7380ab3fbd61f432613c3ace3583e88d21deae14c409f20bd2fca84f2054e3cfd91ca75ecbf99829398d322425e978fa02d99c424a1d2057ae3ff5

    Score
    10/10
    njratsystem exporerevasionpersistencetrojan

    • njRAT/Bladabindi

      Widely used RAT written in .NET.

      trojannjrat

    • Executes dropped EXE

    • Modifies Windows Firewall

      evasion

    • Drops startup file

    • Adds Run key to start application

      persistence
    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Modify Existing Service

1
T1031

Registry Run Keys / Startup Folder

1
T1060

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks