Overview

overview

10

Static

static

f556411367...57.exe

windows7_x64

5

f556411367...57.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    f5564113679c153eede888e94c38cd488d9db13f6659adfe37b627329fd8d257

  • Size

    269KB

  • Sample

    210930-pjcjbshgfj

  • MD5

    3ca79ae3cffbbe1a16276e6b6d9d075e

  • SHA1

    1ed1cccc911ad67252a7b1c72d046dfb8042ec34

  • SHA256

    f5564113679c153eede888e94c38cd488d9db13f6659adfe37b627329fd8d257

  • SHA512

    a011c4fade25ba3a640150ab9fbcf8ef8b0ed97ffa25fccecac2e992f3189e5b3014396c46986db43387ff6dcb0d522185c9d9aa36b4e8e602bba54779add9af

Score
10/10
njrathack.egtrojan

Malware Config

Extracted

Family

njrat

Version

0.7d

Botnet

HacK.EG

C2

127.0.0.1:5552

Mutex

295d0085fbaaab25f54bc24d79ea3c7d

Attributes
  • reg_key

    295d0085fbaaab25f54bc24d79ea3c7d

  • splitter

    |'|'|

Targets

    • Target

      f5564113679c153eede888e94c38cd488d9db13f6659adfe37b627329fd8d257

    • Size

      269KB

    • MD5

      3ca79ae3cffbbe1a16276e6b6d9d075e

    • SHA1

      1ed1cccc911ad67252a7b1c72d046dfb8042ec34

    • SHA256

      f5564113679c153eede888e94c38cd488d9db13f6659adfe37b627329fd8d257

    • SHA512

      a011c4fade25ba3a640150ab9fbcf8ef8b0ed97ffa25fccecac2e992f3189e5b3014396c46986db43387ff6dcb0d522185c9d9aa36b4e8e602bba54779add9af

    Score
    10/10
    njrathack.egtrojan

    • njRAT/Bladabindi

      Widely used RAT written in .NET.

      trojannjrat

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

1
T1053

Persistence

Scheduled Task

1
T1053

Privilege Escalation

Scheduled Task

1
T1053

Defense Evasion

Credential Access

Discovery

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks