Overview

overview

10

Static

static

10

d13fc7b380...31.exe

windows7_x64

10

d13fc7b380...31.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    d13fc7b3803ac2153769dd6437bfff31.exe

  • Size

    31KB

  • Sample

    211130-vpp99sfeem

  • MD5

    d13fc7b3803ac2153769dd6437bfff31

  • SHA1

    74adf3f27958c90827a0b5ee6296d8d4bbffe057

  • SHA256

    99cf11a865fac03f57d85e42987e41e37ac1cbc410eaa86c18d833b08a92dba1

  • SHA512

    952118791b0c357ce4b95dc27edab12248f72dbd7cc1845a44a1b5ed252894dc7fed300e1e3e7bbc9e900ab80727a5ba74b0cf0d56d8a8c3669e1ebaa32f6344

Score
10/10
njratmybotevasionpersistencesuricatatrojan

Malware Config

Extracted

Family

njrat

Version

0.7d

Botnet

MyBot

C2

8.tcp.ngrok.io:13452

Mutex

7ecf8e46c8ad8c72db05262ff07a36e7

Attributes
  • reg_key

    7ecf8e46c8ad8c72db05262ff07a36e7

  • splitter

    Y262SUCZ4UJJ

Targets

    • Target

      d13fc7b3803ac2153769dd6437bfff31.exe

    • Size

      31KB

    • MD5

      d13fc7b3803ac2153769dd6437bfff31

    • SHA1

      74adf3f27958c90827a0b5ee6296d8d4bbffe057

    • SHA256

      99cf11a865fac03f57d85e42987e41e37ac1cbc410eaa86c18d833b08a92dba1

    • SHA512

      952118791b0c357ce4b95dc27edab12248f72dbd7cc1845a44a1b5ed252894dc7fed300e1e3e7bbc9e900ab80727a5ba74b0cf0d56d8a8c3669e1ebaa32f6344

    Score
    10/10
    njratevasionpersistencesuricatatrojan

    • njRAT/Bladabindi

      Widely used RAT written in .NET.

      trojannjrat

    • suricata: ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)

      suricata: ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)

      suricata

    • Modifies Windows Firewall

      evasion

    • Drops startup file

    • Adds Run key to start application

      persistence
    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks