Overview

overview

10

Static

static

10

a2105798ed...3a.exe

windows7_x64

10

a2105798ed...3a.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    a2105798edb6b4164a60c200ad1c4e3a.exe

  • Size

    27KB

  • Sample

    211207-v11v5sbffl

  • MD5

    a2105798edb6b4164a60c200ad1c4e3a

  • SHA1

    2d9a66acba0e05de797f82d4a7b1d266d057078c

  • SHA256

    746e511b6f9291eea51de5f16e65eeeb5341049cb82ad8abe13d01452e85e469

  • SHA512

    7ae2ff37e92b1f1e8d67b2963449d6dc9d10b7ba2d0920e10439f88ce9ff495510760ff500e4c290c2b48a51b6ace0f14cefe0020240b1c846a1594db4174088

Score
10/10
njrathackedpersistencesuricatatrojan

Malware Config

Extracted

Family

njrat

Version

v2.0

Botnet

HacKed

C2

melhortrojanrerer.duckdns.org:5552

Mutex

Windows

Attributes
  • reg_key

    Windows

  • splitter

    |-F-|

Targets

    • Target

      a2105798edb6b4164a60c200ad1c4e3a.exe

    • Size

      27KB

    • MD5

      a2105798edb6b4164a60c200ad1c4e3a

    • SHA1

      2d9a66acba0e05de797f82d4a7b1d266d057078c

    • SHA256

      746e511b6f9291eea51de5f16e65eeeb5341049cb82ad8abe13d01452e85e469

    • SHA512

      7ae2ff37e92b1f1e8d67b2963449d6dc9d10b7ba2d0920e10439f88ce9ff495510760ff500e4c290c2b48a51b6ace0f14cefe0020240b1c846a1594db4174088

    Score
    10/10
    njrathackedpersistencesuricatatrojan

    • njRAT/Bladabindi

      Widely used RAT written in .NET.

      trojannjrat

    • suricata: ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)

      suricata: ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)

      suricata

    • Executes dropped EXE

    • Drops startup file

    • Loads dropped DLL

    • Adds Run key to start application

      persistence
    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks