Overview

overview

10

Static

static

aee836f94d...80.exe

windows7_x64

10

aee836f94d...80.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    aee836f94d476c42f3078f1463aa6e80.exe

  • Size

    360KB

  • Sample

    211113-x2891scdfj

  • MD5

    aee836f94d476c42f3078f1463aa6e80

  • SHA1

    7d53870bb3386d62020062839622933f7cbb6c1d

  • SHA256

    1339aec2f0f3c803e549efce6e60bb3e7030b30b3959521554584b454f8b3b80

  • SHA512

    d3328b3aede2f30fdb2b4b49cd7df51b14a374219c3a65a101c2943c7954df6bd9a7759f2628f57a42fb9da201dd55c1fa750e435bca72ed24251cb1942044cb

Score
10/10
njrathackedevasiontrojan

Malware Config

Extracted

Family

njrat

Version

0.7d

Botnet

HacKed

C2

rorayan1234.ddns.net:1177

Mutex

081e607e651641c7b259dbca3265a32e

Attributes
  • reg_key

    081e607e651641c7b259dbca3265a32e

  • splitter

    Y262SUCZ4UJJ

Targets

    • Target

      aee836f94d476c42f3078f1463aa6e80.exe

    • Size

      360KB

    • MD5

      aee836f94d476c42f3078f1463aa6e80

    • SHA1

      7d53870bb3386d62020062839622933f7cbb6c1d

    • SHA256

      1339aec2f0f3c803e549efce6e60bb3e7030b30b3959521554584b454f8b3b80

    • SHA512

      d3328b3aede2f30fdb2b4b49cd7df51b14a374219c3a65a101c2943c7954df6bd9a7759f2628f57a42fb9da201dd55c1fa750e435bca72ed24251cb1942044cb

    Score
    10/10
    njrathackedevasiontrojan

    • njRAT/Bladabindi

      Widely used RAT written in .NET.

      trojannjrat

    • Executes dropped EXE

    • Modifies Windows Firewall

      evasion

    • Loads dropped DLL

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Modify Existing Service

1
T1031

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks