Overview

overview

10

Static

static

10

D5CF874963...24.exe

windows7_x64

10

D5CF874963...24.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    D5CF8749638C96E98D4DAAE21DA684B45DA35FC380024.exe

  • Size

    93KB

  • Sample

    210916-wndqhsggdj

  • MD5

    6bce1d7caa5f71ca7d4620296fc9d775

  • SHA1

    c4af16a65dbdb2a17fe4c3e4811d953c5d501808

  • SHA256

    d5cf8749638c96e98d4daae21da684b45da35fc3800247054ea6e8275a51a09d

  • SHA512

    49a0cf6b7faa0fd314ac9fdf8813733e797c5d2c8182d47947e9af793ae6c926b1a58c7a9e3bacc1b661b72f9804214d848630c27eb26cc24b25d7f99aeb4408

Score
10/10
njratxmrighackedevasionminersuricatatrojan

Malware Config

Extracted

Family

njrat

Version

0.7d

Botnet

HacKed

C2

OC50Y3Aubmdyb2suaW8Strik:MTUxMTQg

Mutex

e482830431b4f84bd1e9ebb6982c8a62

Attributes
  • reg_key

    e482830431b4f84bd1e9ebb6982c8a62

  • splitter

    |'|'|

Targets

    • Target

      D5CF8749638C96E98D4DAAE21DA684B45DA35FC380024.exe

    • Size

      93KB

    • MD5

      6bce1d7caa5f71ca7d4620296fc9d775

    • SHA1

      c4af16a65dbdb2a17fe4c3e4811d953c5d501808

    • SHA256

      d5cf8749638c96e98d4daae21da684b45da35fc3800247054ea6e8275a51a09d

    • SHA512

      49a0cf6b7faa0fd314ac9fdf8813733e797c5d2c8182d47947e9af793ae6c926b1a58c7a9e3bacc1b661b72f9804214d848630c27eb26cc24b25d7f99aeb4408

    Score
    10/10
    njratxmrighackedevasionminersuricatatrojan

    • njRAT/Bladabindi

      Widely used RAT written in .NET.

      trojannjrat

    • suricata: ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)

      suricata: ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)

      suricata

    • xmrig

      XMRig is a high performance, open source, cross platform CPU/GPU miner.

      minerxmrig

    • Executes dropped EXE

    • Modifies Windows Firewall

      evasion

    • Drops startup file

    • Loads dropped DLL

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks