Overview

overview

10

Static

static

10

a7ffebe2d9...4d.exe

windows7_x64

10

a7ffebe2d9...4d.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    a7ffebe2d929cb30d09a5f97bf04bf4d.exe

  • Size

    37KB

  • Sample

    211004-pfgc4sgdbk

  • MD5

    a7ffebe2d929cb30d09a5f97bf04bf4d

  • SHA1

    0973fa934cbac60167827c6131330f5c1455b6c2

  • SHA256

    6d8714bcd12dc506609b53ee525e2ee435e154c3c4b1087c8285f3fd2e678dcd

  • SHA512

    18ce4fa53d4dbce473c488260eeb641e8967cea99bbac480589ff4289b995f168a2b882a41c3e68f860e8e1a2b8d96bd850826895699fbf7966a4f97882661e2

Score
10/10
njrathackedevasionpersistencesuricatatrojan

Malware Config

Extracted

Family

njrat

Version

im523

Botnet

HacKed

C2

8.tcp.ngrok.io:18888

Mutex

0b353c48530e21bc19ab5b01d126c6b8

Attributes
  • reg_key

    0b353c48530e21bc19ab5b01d126c6b8

  • splitter

    |'|'|

Targets

    • Target

      a7ffebe2d929cb30d09a5f97bf04bf4d.exe

    • Size

      37KB

    • MD5

      a7ffebe2d929cb30d09a5f97bf04bf4d

    • SHA1

      0973fa934cbac60167827c6131330f5c1455b6c2

    • SHA256

      6d8714bcd12dc506609b53ee525e2ee435e154c3c4b1087c8285f3fd2e678dcd

    • SHA512

      18ce4fa53d4dbce473c488260eeb641e8967cea99bbac480589ff4289b995f168a2b882a41c3e68f860e8e1a2b8d96bd850826895699fbf7966a4f97882661e2

    Score
    10/10
    njrathackedevasionpersistencesuricatatrojan

    • njRAT/Bladabindi

      Widely used RAT written in .NET.

      trojannjrat

    • suricata: ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)

      suricata: ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)

      suricata

    • Executes dropped EXE

    • Modifies Windows Firewall

      evasion

    • Adds Run key to start application

      persistence
    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks