Overview

overview

10

Static

static

Scanned1009.exe

windows7_x64

10

Scanned1009.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    Scanned1009.exe

  • Size

    516KB

  • Sample

    211211-d9cq8safb2

  • MD5

    13dbdf1e060c9dbf33ac71c251658abf

  • SHA1

    5af228c14aff5ba52936fb5fab0980892374eef4

  • SHA256

    f7eb71b62589cc3b7c22d3731ce09e2d9165e1e5d721c56da0f2f2e8362af339

  • SHA512

    0b9b47f9eb55c55b401816d834818d1e42c45d83f042992c92c652cf349cad8d9def4605816b24ffd915427fc734266c072af2a349d89a20a68fdc66ff1a6e86

Score
10/10
njrathackedtrojan

Malware Config

Extracted

Family

njrat

Version

v2.0

Botnet

HacKed

C2

dccgroup.duckdns.org:5419

Mutex

Windows

Attributes
  • reg_key

    Windows

  • splitter

    |-F-|

Targets

    • Target

      Scanned1009.exe

    • Size

      516KB

    • MD5

      13dbdf1e060c9dbf33ac71c251658abf

    • SHA1

      5af228c14aff5ba52936fb5fab0980892374eef4

    • SHA256

      f7eb71b62589cc3b7c22d3731ce09e2d9165e1e5d721c56da0f2f2e8362af339

    • SHA512

      0b9b47f9eb55c55b401816d834818d1e42c45d83f042992c92c652cf349cad8d9def4605816b24ffd915427fc734266c072af2a349d89a20a68fdc66ff1a6e86

    Score
    10/10
    njrathackedtrojan

    • njRAT/Bladabindi

      Widely used RAT written in .NET.

      trojannjrat

    • Executes dropped EXE

    • Drops startup file

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

1
T1053

Persistence

Scheduled Task

1
T1053

Privilege Escalation

Scheduled Task

1
T1053

Defense Evasion

Credential Access

Discovery

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks