Overview

overview

10

Static

static

5

6d2f1a98b7...df.exe

windows7_x64

10

6d2f1a98b7...df.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    6d2f1a98b77181cb675c0f3cd3ae6824fdd90e150c46d6fcee0ed16f7cd855df

  • Size

    2.3MB

  • Sample

    210930-jzjdxshahr

  • MD5

    751be7e898d61998e52402b813e391bf

  • SHA1

    6b8572889dbac9938e8552f05bf57496b6ab0367

  • SHA256

    6d2f1a98b77181cb675c0f3cd3ae6824fdd90e150c46d6fcee0ed16f7cd855df

  • SHA512

    baa23385c716c6fc682fad2ba963b55c957101d7545143c804b5a846b4bba1fa64761e26e77f225f56961fc63cc956023173ea9cd558c08f31b31541a88ab84e

Score
10/10
njratsuricatatrojanupx

Malware Config

Targets

    • Target

      6d2f1a98b77181cb675c0f3cd3ae6824fdd90e150c46d6fcee0ed16f7cd855df

    • Size

      2.3MB

    • MD5

      751be7e898d61998e52402b813e391bf

    • SHA1

      6b8572889dbac9938e8552f05bf57496b6ab0367

    • SHA256

      6d2f1a98b77181cb675c0f3cd3ae6824fdd90e150c46d6fcee0ed16f7cd855df

    • SHA512

      baa23385c716c6fc682fad2ba963b55c957101d7545143c804b5a846b4bba1fa64761e26e77f225f56961fc63cc956023173ea9cd558c08f31b31541a88ab84e

    Score
    10/10
    njratsuricatatrojanupx

    • njRAT/Bladabindi

      Widely used RAT written in .NET.

      trojannjrat

    • suricata: ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)

      suricata: ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)

      suricata

    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx

    • Drops startup file

    • Loads dropped DLL

    • Suspicious use of SetThreadContext

    • autoit_exe

      AutoIT scripts compiled to PE executables.

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks