Overview

overview

10

Static

static

04E1A14639...02.exe

windows7_x64

10

04E1A14639...02.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    04E1A14639F9FD0903F21EDD99B1CADC9267B0AC2F402.exe

  • Size

    91KB

  • Sample

    210916-axxzvsegdj

  • MD5

    8e0342b0a50e046c2b22f6d9548024eb

  • SHA1

    0378936325dd0a19ac2547ad462017db60d9d315

  • SHA256

    04e1a14639f9fd0903f21edd99b1cadc9267b0ac2f402863d6eb3acc4d48acf7

  • SHA512

    cc9a2a0bcfbfd686b7be8487cc95eec046b30a46878cea40a457082478b5b6f00965b54d81cf4a3b7659fd087a27e0f0ad1c6f47cbbab7ff82f5b5bc3fb95876

Score
10/10
njrathackedevasionsuricatatrojan

Malware Config

Extracted

Family

njrat

Version

0.7d

Botnet

HacKed

C2

kanichnadia.duckdns.org:1979

Mutex

c9b81cdf127358c4e9ff59acf837f3c6

Attributes
  • reg_key

    c9b81cdf127358c4e9ff59acf837f3c6

  • splitter

    |'|'|

Targets

    • Target

      04E1A14639F9FD0903F21EDD99B1CADC9267B0AC2F402.exe

    • Size

      91KB

    • MD5

      8e0342b0a50e046c2b22f6d9548024eb

    • SHA1

      0378936325dd0a19ac2547ad462017db60d9d315

    • SHA256

      04e1a14639f9fd0903f21edd99b1cadc9267b0ac2f402863d6eb3acc4d48acf7

    • SHA512

      cc9a2a0bcfbfd686b7be8487cc95eec046b30a46878cea40a457082478b5b6f00965b54d81cf4a3b7659fd087a27e0f0ad1c6f47cbbab7ff82f5b5bc3fb95876

    Score
    10/10
    njrathackedevasionsuricatatrojan

    • njRAT/Bladabindi

      Widely used RAT written in .NET.

      trojannjrat

    • suricata: ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)

      suricata: ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)

      suricata

    • Modifies Windows Firewall

      evasion
    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Modify Existing Service

1
T1031

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks