Overview

overview

10

Static

static

10

eQ88ht5Z.exe

windows7_x64

10

eQ88ht5Z.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    eQ88ht5Z.exe

  • Size

    23KB

  • Sample

    211014-qjyl8shfb5

  • MD5

    a3e74200d636da0be8e6336b880b73ed

  • SHA1

    ce1dfb37201133556dee320cf26340808885acc4

  • SHA256

    5a89e39ab6b87ed1d0810009c093db235fca513f11a49d13653dfb26534cb265

  • SHA512

    8102cd1c68ee5bd404569a0d17d55be042569ff93a1579c5853da45c45e7cdadcc5bec05ee84e77a90c09c2b50e2c8239fdfb8d2cd62f152620b9a9a29907ea1

Score
10/10
njrathackedevasionpersistencetrojan

Malware Config

Extracted

Family

njrat

Version

0.7d

Botnet

HacKed

C2

2.tcp.ngrok.io:13521

Mutex

112f8f7cd18bbf4b59b64dc60a84e780

Attributes
  • reg_key

    112f8f7cd18bbf4b59b64dc60a84e780

  • splitter

    |'|'|

Targets

    • Target

      eQ88ht5Z.exe

    • Size

      23KB

    • MD5

      a3e74200d636da0be8e6336b880b73ed

    • SHA1

      ce1dfb37201133556dee320cf26340808885acc4

    • SHA256

      5a89e39ab6b87ed1d0810009c093db235fca513f11a49d13653dfb26534cb265

    • SHA512

      8102cd1c68ee5bd404569a0d17d55be042569ff93a1579c5853da45c45e7cdadcc5bec05ee84e77a90c09c2b50e2c8239fdfb8d2cd62f152620b9a9a29907ea1

    Score
    10/10
    njrathackedevasionpersistencetrojan

    • njRAT/Bladabindi

      Widely used RAT written in .NET.

      trojannjrat

    • Executes dropped EXE

    • Modifies Windows Firewall

      evasion

    • Loads dropped DLL

    • Adds Run key to start application

      persistence
    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Modify Existing Service

1
T1031

Registry Run Keys / Startup Folder

1
T1060

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks