Overview

overview

10

Static

static

50577B8D20...68.exe

windows7_x64

10

50577B8D20...68.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    50577B8D20E216E731721C76975564AB1A6FEEB16B168.exe

  • Size

    258KB

  • Sample

    210911-mga7dabcd8

  • MD5

    303c6c4a9296d2eb2346f3c457465556

  • SHA1

    0d0432b65763d233b7369019ba1ab7bc9ff4209f

  • SHA256

    50577b8d20e216e731721c76975564ab1a6feeb16b168d7ff09e6e38b3eec0b0

  • SHA512

    1fcb0939ebf6ac84c0f9d954437ebf63676d93465bb0f0a0763da253cc2025ec135720217476acfae8b3b8e7947a27bd1a4fda931be2cca01022912c05e98226

Score
10/10
njratevasionpersistencetrojan

Malware Config

Targets

    • Target

      50577B8D20E216E731721C76975564AB1A6FEEB16B168.exe

    • Size

      258KB

    • MD5

      303c6c4a9296d2eb2346f3c457465556

    • SHA1

      0d0432b65763d233b7369019ba1ab7bc9ff4209f

    • SHA256

      50577b8d20e216e731721c76975564ab1a6feeb16b168d7ff09e6e38b3eec0b0

    • SHA512

      1fcb0939ebf6ac84c0f9d954437ebf63676d93465bb0f0a0763da253cc2025ec135720217476acfae8b3b8e7947a27bd1a4fda931be2cca01022912c05e98226

    Score
    10/10
    njratevasionpersistencetrojan

    • njRAT/Bladabindi

      Widely used RAT written in .NET.

      trojannjrat

    • Executes dropped EXE

    • Modifies Windows Firewall

      evasion

    • Adds Run key to start application

      persistence
    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Modify Existing Service

1
T1031

Registry Run Keys / Startup Folder

1
T1060

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks