General

  • Target

    c7d5ea3b83db855d97ce4df784f5c7556bae16f3297ae9399f5a14d686a1dbc7.zip

  • Size

    176KB

  • Sample

    211004-hkx34agafl

  • MD5

    5067f2f61ac73acfc8bbe7081318c8a3

  • SHA1

    343852e7ebb803f5479155dbdcfdc6d620b0e9d9

  • SHA256

    6c83a463a188ae19a43d8fc3dec7d77b848198602e076c3baba00cba3e7cf40b

  • SHA512

    7e55149f7ce5f4f7401662622c3021d508782ad9e64c088692fb994c3d97c092284a7b1e42c958bbffe0a5488bc5540b3f01adaf619cb3cee2ea147dd9a4e87a

Score
10/10

Malware Config

Extracted

Family

njrat

Version

v4.0

Botnet

Boss

C2

103.147.184.73:7103

Mutex

Windows

Attributes
  • reg_key

    Windows

  • splitter

    |-F-|

Targets

    • Target

      c7d5ea3b83db855d97ce4df784f5c7556bae16f3297ae9399f5a14d686a1dbc7.ps1

    • Size

      2.2MB

    • MD5

      438f192c7282265b78ea831b779a5635

    • SHA1

      0197c04c82a4ab39ec6a914be4b533eacfc6c3b4

    • SHA256

      c7d5ea3b83db855d97ce4df784f5c7556bae16f3297ae9399f5a14d686a1dbc7

    • SHA512

      7009dd62daf3c710766323fbe06bc779e2ca09d741bd84980a8b31ff30c7fdd9d05d9280730df633618c4e79c9ad44c57b81ade62283e91da669061afdebb6d5

    Score
    10/10
    • njRAT/Bladabindi

      Widely used RAT written in .NET.

    • Drops startup file

    • Suspicious use of SetThreadContext
