Overview

overview

10

Static

static

E1EA3A88EE...83.exe

windows7_x64

10

E1EA3A88EE...83.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    E1EA3A88EE3EF55FE02A84E9D652B57296941227F7D83.exe

  • Size

    279KB

  • Sample

    211130-3f1cwahaep

  • MD5

    e0ab3b6c4db03ac6cf373c71b8ee629d

  • SHA1

    b0472452f1f78c535358140f995ca0383b68d585

  • SHA256

    e1ea3a88ee3ef55fe02a84e9d652b57296941227f7d8332b96068574162ef27a

  • SHA512

    d8110b21f9d0d79d8b1a6e73ab66415d256b312bd618845bf733b4c00da7d92dad7c00fd9bd430772f3dbf3c193e75541c5235fbf49b95e4532604ea5f7e3070

Score
10/10
njrathackedevasionpersistencesuricatatrojan

Malware Config

Extracted

Family

njrat

Version

0.7d

Botnet

HacKed

C2

russia5319.ddns.net:1177

Mutex

f6b2b94ea40dad02eb686dc0711f7aed

Attributes
  • reg_key

    f6b2b94ea40dad02eb686dc0711f7aed

  • splitter

    |'|'|

Targets

    • Target

      E1EA3A88EE3EF55FE02A84E9D652B57296941227F7D83.exe

    • Size

      279KB

    • MD5

      e0ab3b6c4db03ac6cf373c71b8ee629d

    • SHA1

      b0472452f1f78c535358140f995ca0383b68d585

    • SHA256

      e1ea3a88ee3ef55fe02a84e9d652b57296941227f7d8332b96068574162ef27a

    • SHA512

      d8110b21f9d0d79d8b1a6e73ab66415d256b312bd618845bf733b4c00da7d92dad7c00fd9bd430772f3dbf3c193e75541c5235fbf49b95e4532604ea5f7e3070

    Score
    10/10
    njrathackedevasionpersistencesuricatatrojan

    • Windows security bypass

      evasiontrojan

    • njRAT/Bladabindi

      Widely used RAT written in .NET.

      trojannjrat

    • suricata: ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)

      suricata: ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)

      suricata

    • Executes dropped EXE

    • Modifies Windows Firewall

      evasion

    • Drops startup file

    • Loads dropped DLL

    • Windows security modification

      evasiontrojan

    • Adds Run key to start application

      persistence
    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Modify Existing Service

1
T1031

Registry Run Keys / Startup Folder

1
T1060

Privilege Escalation

Defense Evasion

Disabling Security Tools

2
T1089

Modify Registry

3
T1112

Credential Access

Discovery

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks