General

  • Target

    B7D0DED75D90D6564378AA3CEF07EE6D81043AE8F8E51.exe

  • Size

    491KB

  • Sample

    211025-yldnvagfa9

  • MD5

    38ce6952a20ff8bad29372531d7d18c0

  • SHA1

    394502b774b18e13b84b624cb6309e82b0980dd4

  • SHA256

    b7d0ded75d90d6564378aa3cef07ee6d81043ae8f8e51fd0ea9c459617933a42

  • SHA512

    6b27b9537a28d9ae10780a30eef68a6fceebaf8e1cb77307c59884e9be82b9fb37c7ee3c3c12ea34814c4d6840f25954fe505f0201a9e788d43a443bcaa718a2

Malware Config

Extracted

  • Family

    njrat

  • Version

    Njrat 0.7 Golden By Hassan Amiri

  • Botnet

    m1

  • C2

    6.tcp.ngrok.io:16704

  • Mutex

    Windows Update

  • Attributes

    reg_key: Windows Update

    splitter: |Hassan|

Targets

    • Target

      B7D0DED75D90D6564378AA3CEF07EE6D81043AE8F8E51.exe

    • Size

      491KB

    • MD5

      38ce6952a20ff8bad29372531d7d18c0

    • SHA1

      394502b774b18e13b84b624cb6309e82b0980dd4

    • SHA256

      b7d0ded75d90d6564378aa3cef07ee6d81043ae8f8e51fd0ea9c459617933a42

    • SHA512

      6b27b9537a28d9ae10780a30eef68a6fceebaf8e1cb77307c59884e9be82b9fb37c7ee3c3c12ea34814c4d6840f25954fe505f0201a9e788d43a443bcaa718a2

    • njRAT/Bladabindi

      Widely used RAT written in .NET.

    • Executes dropped EXE

    • Drops startup file

    • Loads dropped DLL

    • Adds Run key to start application

MITRE ATT&CK Matrix (ATT&CK v6)

  Tactic                Technique                             Count  ID
  Execution             Scheduled Task                        1      T1053
  Persistence           Registry Run Keys / Startup Folder    1      T1060
  Persistence           Scheduled Task                        1      T1053
  Privilege Escalation  Scheduled Task                        1      T1053
  Defense Evasion       Modify Registry                       1      T1112
  Discovery             System Information Discovery          1      T1082

Tasks