Overview

overview

10

Static

static

sample.vbs

windows7_x64

7

sample.vbs

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    900b9c744b8519061ba55671ae1589cd215f1189eb64fc170cc7889196a53c78.bin.sample.gz

  • Size

    11KB

  • Sample

    211028-1k5gaahacq

  • MD5

    03170c51b974935bda09cfdfe9c50ad7

  • SHA1

    f7654a348a9afc6f888e0d7e7560ee3bf99eadd3

  • SHA256

    01ed7a66bff8a0ab10c7e63fd6dee79b97f79e321648d8be9b8c374cbb998a22

  • SHA512

    8632d344a82dbca81d6e201265fcc8296f9831b6840acd8cd1830fba752c0666c9f5176708a4270eab69e66abc466e1b45cdfc573946159a945ed7a2b1aa1e7c

Score
10/10
njratnowevasionsuricatatrojan

Malware Config

Extracted

Family

njrat

Version

0.7d

Botnet

Now

C2

top.killwhenabusing1.xyz:2004

Mutex

6db98419ccbf0cb5969083f3317130d0

Attributes
  • reg_key

    6db98419ccbf0cb5969083f3317130d0

  • splitter

    |'|'|

Targets

    • Target

      sample

    • Size

      117KB

    • MD5

      be2c337fdf0551ffc4abfe4385599421

    • SHA1

      0852bd21f78d09729385358f6db9d314899ffdf4

    • SHA256

      900b9c744b8519061ba55671ae1589cd215f1189eb64fc170cc7889196a53c78

    • SHA512

      7196b87b7523989157131842afd70b9943d3c446e891ea7f270b2eee9f58601be8f443838b34a3d29c1fff430c8b91d40b431c541f7ce6e2ac7b9abd2fce0773

    Score
    10/10
    njratnowevasionsuricatatrojan

    • njRAT/Bladabindi

      Widely used RAT written in .NET.

      trojannjrat

    • suricata: ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)

      suricata: ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)

      suricata

    • Blocklisted process makes network request

    • Modifies Windows Firewall

      evasion

    • Drops startup file

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks