Overview

overview

10

Static

static

10

afaef621f4...in.exe

windows7_x64

10

afaef621f4...in.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    afaef621f4e840cc036ae85f16c580b6161299f13f3501e2851a3ec633085285.bin

  • Size

    28KB

  • Sample

    211013-sgg8ksecam

  • MD5

    dd92bc172ce822c6ce679dec7e7176cb

  • SHA1

    deae3ad3cc81833c3008bb475ae4c355d750b3e7

  • SHA256

    afaef621f4e840cc036ae85f16c580b6161299f13f3501e2851a3ec633085285

  • SHA512

    007e8736c4ad2061f804183154c7e0da7c4f3b958281a1c67bba71684a06ace998f08fa5279120adfdf0ca781aeefa51d366619c076ef869b6830b0bba78627b

Score
10/10
njrathackedevasionpersistencesuricatatrojan

Malware Config

Extracted

Family

njrat

Version

0.6.4

Botnet

HacKed

C2

abcdefg434334.zapto.org:80

Mutex

f5e4f66c2c5505e6ad7b0b5bee0f0a9a

Attributes
  • reg_key

    f5e4f66c2c5505e6ad7b0b5bee0f0a9a

  • splitter

    |'|'|

Targets

    • Target

      afaef621f4e840cc036ae85f16c580b6161299f13f3501e2851a3ec633085285.bin

    • Size

      28KB

    • MD5

      dd92bc172ce822c6ce679dec7e7176cb

    • SHA1

      deae3ad3cc81833c3008bb475ae4c355d750b3e7

    • SHA256

      afaef621f4e840cc036ae85f16c580b6161299f13f3501e2851a3ec633085285

    • SHA512

      007e8736c4ad2061f804183154c7e0da7c4f3b958281a1c67bba71684a06ace998f08fa5279120adfdf0ca781aeefa51d366619c076ef869b6830b0bba78627b

    Score
    10/10
    njrathackedevasionpersistencesuricatatrojan

    • njRAT/Bladabindi

      Widely used RAT written in .NET.

      trojannjrat

    • suricata: ET MALWARE Bladabindi/njrat CnC Checkin

      suricata: ET MALWARE Bladabindi/njrat CnC Checkin

      suricata

    • Executes dropped EXE

    • Modifies Windows Firewall

      evasion

    • Loads dropped DLL

    • Adds Run key to start application

      persistence
    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Modify Existing Service

1
T1031

Registry Run Keys / Startup Folder

1
T1060

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks