General

  • Target

    216500f3e56a76a59f81e3082a38957482f176c6aaf16ae494db8d2fb5e044d3.zip

  • Size

    36KB

  • Sample

    211006-e4cdysaed7

  • MD5

    284327b4940230cc1101d484d7a477e0

  • SHA1

    442c2fd820adf1980929da5572117c1211b3ec7f

  • SHA256

    2e0037526dc99997dd3e17d63d7c5e408511f9e571f2281588564d6857ac8e36

  • SHA512

    f0198cc245844069d9fe4264ef02f7728c4995b7aaa07d3b6b46d25b06ecc94c3ed84d9aecf8c66b42f96c6533ed078b62ccbd8182cd1cdc917a790f9c009531

Malware Config

Extracted

  • Family

    njrat

  • Version

    0.7.3

  • Botnet

    Zombie

  • C2

    0.tcp.eu.ngrok.io:14618

  • Mutex

    svchost.exe

  • Attributes

    reg_key: svchost.exe

    splitter: 123

Targets

    • Target

      216500f3e56a76a59f81e3082a38957482f176c6aaf16ae494db8d2fb5e044d3

    • Size

      78KB

    • MD5

      495ac365075583f4cbd9487cb6c1935c

    • SHA1

      9341e99733e753a7f5c2a716c35a7dc131d271d0

    • SHA256

      216500f3e56a76a59f81e3082a38957482f176c6aaf16ae494db8d2fb5e044d3

    • SHA512

      b9e4c72fd53b5e257d701f123fcc6771013b897aa65bbc6f24b1754e9cd9488cde99eb33b54c40b23c76a4bdb669e388b28829b473b00ff0a44940497c46fbe7

    • njRAT/Bladabindi

      Widely used RAT written in .NET.

    • Executes dropped EXE

    • Drops startup file

    • Loads dropped DLL

    • Adds Run key to start application

MITRE ATT&CK Matrix ATT&CK v6

  • Execution

    Scheduled Task (T1053): 1

  • Persistence

    Registry Run Keys / Startup Folder (T1060): 1

    Scheduled Task (T1053): 1

  • Privilege Escalation

    Scheduled Task (T1053): 1

  • Defense Evasion

    Modify Registry (T1112): 1

  • Discovery

    System Information Discovery (T1082): 1

Tasks