Overview

overview

10

Static

static

8

x8209.xlsb

windows7_x64

10

x8209.xlsb

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    x8209.xlsb

  • Size

    116KB

  • Sample

    210924-jza3jsgcfr

  • MD5

    c5a179c6fe1f057c380e64ad5a5151f1

  • SHA1

    4b4c23004dab867b6759a921a24cfa181167ea62

  • SHA256

    ca4010b0b7e840aed10f2439fc37429aa7c752cf8c312d5c3de01b3342dd69fb

  • SHA512

    1ece527256a6460c99caf85b4c7ba399bf28796c5727a80b3f45176f47aef449145a92ccb7f55648dc41cb87391e322e8e6ac010b99a35ba9cf0aec0bb24e739

Score
10/10
njratmacrotrojanxlm

Malware Config

Extracted

Language
xlm4.0
Source
URLs
xlm40.dropper

http://phod.ru/image1.png

Extracted

Family

njrat

C2

ilfuoco.crabdance.com:1606

Mutex

2cdbd061ab

Attributes
  • reg_key

    2cdbd061ab

  • splitter

    @!#&^%$

Targets

    • Target

      x8209.xlsb

    • Size

      116KB

    • MD5

      c5a179c6fe1f057c380e64ad5a5151f1

    • SHA1

      4b4c23004dab867b6759a921a24cfa181167ea62

    • SHA256

      ca4010b0b7e840aed10f2439fc37429aa7c752cf8c312d5c3de01b3342dd69fb

    • SHA512

      1ece527256a6460c99caf85b4c7ba399bf28796c5727a80b3f45176f47aef449145a92ccb7f55648dc41cb87391e322e8e6ac010b99a35ba9cf0aec0bb24e739

    Score
    10/10
    njrattrojan

    • njRAT/Bladabindi

      Widely used RAT written in .NET.

      trojannjrat

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Loads dropped DLL

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Query Registry

2
T1012

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks