Overview

overview

10

Static

static

b43b1abc6a...98.exe

windows7_x64

10

b43b1abc6a...98.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    b43b1abc6a39ce45305c6e946b20e698.exe

  • Size

    7.6MB

  • Sample

    211209-pqnj6sdcdl

  • MD5

    b43b1abc6a39ce45305c6e946b20e698

  • SHA1

    af7cc28f1d57ca4f50c816de6d13c3e505e84487

  • SHA256

    101af417f59a62ab91bc1ad215a123ce42fc4b055390b2de038f21cb145c2fe0

  • SHA512

    42c72ff81e52ffbebd301341a26c12c09c2d7e2cf9a5b28e77b4bd2be0b7465c9f5f132795c3856fc51488a2a806c229eb9931980c8e158ba57df34dcd59c68c

Score
10/10
njratazureevasionpersistencepyinstallersuricatatrojan

Malware Config

Extracted

Family

njrat

Version

im523

Botnet

Azure

C2

rere12.hopto.org,rere12.hopto.org,rere12.hopto.org:4444

Mutex

1da5a59a490612618a83aad15693bcfc

Attributes
  • reg_key

    1da5a59a490612618a83aad15693bcfc

  • splitter

    |'|'|

Targets

    • Target

      b43b1abc6a39ce45305c6e946b20e698.exe

    • Size

      7.6MB

    • MD5

      b43b1abc6a39ce45305c6e946b20e698

    • SHA1

      af7cc28f1d57ca4f50c816de6d13c3e505e84487

    • SHA256

      101af417f59a62ab91bc1ad215a123ce42fc4b055390b2de038f21cb145c2fe0

    • SHA512

      42c72ff81e52ffbebd301341a26c12c09c2d7e2cf9a5b28e77b4bd2be0b7465c9f5f132795c3856fc51488a2a806c229eb9931980c8e158ba57df34dcd59c68c

    Score
    10/10
    njratazureevasionpersistencepyinstallersuricatatrojan

    • njRAT/Bladabindi

      Widely used RAT written in .NET.

      trojannjrat

    • suricata: ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)

      suricata: ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)

      suricata

    • Executes dropped EXE

    • Modifies Windows Firewall

      evasion

    • Drops startup file

    • Loads dropped DLL

    • Adds Run key to start application

      persistence
    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Modify Existing Service

1
T1031

Registry Run Keys / Startup Folder

1
T1060

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks