Overview

overview

10

Static

static

10

C50488A31B...47.exe

windows7_x64

10

C50488A31B...47.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    C50488A31B6CE8D0DDD65B57BD27CF8C1BC86AD038247.exe

  • Size

    31KB

  • Sample

    210930-1ycnesadh7

  • MD5

    4adad151f3c235616ce57238c32b4b34

  • SHA1

    9d05a045e0ce402ff257d799921a9557a2569535

  • SHA256

    c50488a31b6ce8d0ddd65b57bd27cf8c1bc86ad0382476f813c33083c5575d6f

  • SHA512

    34b9607899e79f6e381c648f6afde801aed03e4041c9affc13d4855032d139f5164b7f2c4adfea56366d3365dd758fe9c86110b2148cc0c744f04945fc79a366

Score
10/10
njratcheatevasionpersistencetrojan

Malware Config

Extracted

Family

njrat

Version

0.7d

Botnet

cheat

C2

0.tcp.ngrok.io:11421

Mutex

33aef9319e7f69a68e51dc4a67780130

Attributes
  • reg_key

    33aef9319e7f69a68e51dc4a67780130

  • splitter

    Y262SUCZ4UJJ

Targets

    • Target

      C50488A31B6CE8D0DDD65B57BD27CF8C1BC86AD038247.exe

    • Size

      31KB

    • MD5

      4adad151f3c235616ce57238c32b4b34

    • SHA1

      9d05a045e0ce402ff257d799921a9557a2569535

    • SHA256

      c50488a31b6ce8d0ddd65b57bd27cf8c1bc86ad0382476f813c33083c5575d6f

    • SHA512

      34b9607899e79f6e381c648f6afde801aed03e4041c9affc13d4855032d139f5164b7f2c4adfea56366d3365dd758fe9c86110b2148cc0c744f04945fc79a366

    Score
    10/10
    njratevasionpersistencetrojan

    • njRAT/Bladabindi

      Widely used RAT written in .NET.

      trojannjrat

    • Modifies Windows Firewall

      evasion

    • Drops startup file

    • Adds Run key to start application

      persistence
    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Modify Existing Service

1
T1031

Registry Run Keys / Startup Folder

1
T1060

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks