Overview

overview

10

Static

static

10

B1A1E14BC0...C1.exe

windows7_x64

10

B1A1E14BC0...C1.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    B1A1E14BC010B33F4AAF307745F56EBB6FC7AA2F156C1.exe

  • Size

    93KB

  • Sample

    211210-flvm9afdf5

  • MD5

    a32cfcc44e02557cdaa58e5d0d0bfecf

  • SHA1

    e528b1545dad304a0e11c5b3d85a54bcb6d08124

  • SHA256

    b1a1e14bc010b33f4aaf307745f56ebb6fc7aa2f156c1c38c645432ed7bca50e

  • SHA512

    7a357c990e953e781cd84e2991d76705312ba9e439d478d2480d9984dad3cca256de294b80dc0c391b89678cf15e080167696a5af0f79b0827fed7eafdf32d60

Score
10/10
njratotcuserevasiontrojan

Malware Config

Extracted

Family

njrat

Version

0.7d

Botnet

otcuser

C2

FRANSESCOC50Y3Aubmdyb2suaW8Strik:MTAzNzI=

Mutex

26996ddd51e9bdc1472eeb1acc1c554a

Attributes
  • reg_key

    26996ddd51e9bdc1472eeb1acc1c554a

  • splitter

    |'|'|

Targets

    • Target

      B1A1E14BC010B33F4AAF307745F56EBB6FC7AA2F156C1.exe

    • Size

      93KB

    • MD5

      a32cfcc44e02557cdaa58e5d0d0bfecf

    • SHA1

      e528b1545dad304a0e11c5b3d85a54bcb6d08124

    • SHA256

      b1a1e14bc010b33f4aaf307745f56ebb6fc7aa2f156c1c38c645432ed7bca50e

    • SHA512

      7a357c990e953e781cd84e2991d76705312ba9e439d478d2480d9984dad3cca256de294b80dc0c391b89678cf15e080167696a5af0f79b0827fed7eafdf32d60

    Score
    10/10
    njratotcuserevasiontrojan

    • njRAT/Bladabindi

      Widely used RAT written in .NET.

      trojannjrat

    • Disables Task Manager via registry modification

      evasion

    • Executes dropped EXE

    • Modifies Windows Firewall

      evasion

    • Drops startup file

    • Drops autorun.inf file

      Malware can abuse Windows Autorun to spread further via attached volumes.

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Replication Through Removable Media

1
T1091

Execution

Persistence

Modify Existing Service

1
T1031

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1
T1082

Lateral Movement

Replication Through Removable Media

1
T1091

Collection

Exfiltration

Command and Control

Impact

Tasks