Overview

overview

10

Static

static

10

93FE344BD0...2B.exe

windows7_x64

10

93FE344BD0...2B.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    93FE344BD0960DFBFCE8FD9C20127D1C75EC414E7A72B.exe

  • Size

    23KB

  • Sample

    210915-xvxmmsebhj

  • MD5

    37799e802b833bad50ef3267e495059c

  • SHA1

    6df1d946f3c0f81e0029546f15fa49b34c6af587

  • SHA256

    93fe344bd0960dfbfce8fd9c20127d1c75ec414e7a72b2e41fac998c7594327b

  • SHA512

    95d5bb9968e7631052cc7ded5b7b9117b406ef05f25b85ca24e0e66176d44a201a462c6458d7f579b2f31bcfd8db0f1895b1d972ca589919ff942ad4b9c35bfa

Score
10/10
njratwindowsevasionpersistencesuricatatrojan

Malware Config

Extracted

Family

njrat

Version

0.7d

Botnet

Windows

C2

dr-mesho.ddns.net:5552

Mutex

999006ebf1e2e9a7848a18a5a49cb936

Attributes
  • reg_key

    999006ebf1e2e9a7848a18a5a49cb936

  • splitter

    |'|'|

Targets

    • Target

      93FE344BD0960DFBFCE8FD9C20127D1C75EC414E7A72B.exe

    • Size

      23KB

    • MD5

      37799e802b833bad50ef3267e495059c

    • SHA1

      6df1d946f3c0f81e0029546f15fa49b34c6af587

    • SHA256

      93fe344bd0960dfbfce8fd9c20127d1c75ec414e7a72b2e41fac998c7594327b

    • SHA512

      95d5bb9968e7631052cc7ded5b7b9117b406ef05f25b85ca24e0e66176d44a201a462c6458d7f579b2f31bcfd8db0f1895b1d972ca589919ff942ad4b9c35bfa

    Score
    10/10
    njratwindowsevasionpersistencesuricatatrojan

    • njRAT/Bladabindi

      Widely used RAT written in .NET.

      trojannjrat

    • suricata: ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)

      suricata: ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)

      suricata

    • Executes dropped EXE

    • Modifies Windows Firewall

      evasion

    • Loads dropped DLL

    • Adds Run key to start application

      persistence
    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Modify Existing Service

1
T1031

Registry Run Keys / Startup Folder

1
T1060

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks