Overview

overview

10

Static

static

10

44dba82c2a...db.exe

windows7_x64

10

44dba82c2a...db.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    44dba82c2ae65a2332940d741520d3db.exe

  • Size

    93KB

  • Sample

    211213-vbn52sfacj

  • MD5

    44dba82c2ae65a2332940d741520d3db

  • SHA1

    46dd600540cde151d9edf92ceb796f12c0682680

  • SHA256

    56e6f2114ddf4a7e78eba500bf66bddccdb2ce051e9ccefd238cef54d11d3c0a

  • SHA512

    e0d94dde04d2fd9edf6df96df02724ccfa2987f227da5ce64b9135dbfad7a1a756e7e806b7565fa6210d2b5834c94ae49bd4a7ff95a760fbd80c702b44fd0146

Score
10/10
njratxmrighackedevasionminertrojan

Malware Config

Extracted

Family

njrat

Version

0.7d

Botnet

HacKed

C2

OTUuFRANSESCOjEzLjIxNy4yNDFRANSESCOStrik:NDMyMQ==

Mutex

59ec108247976b115e6f863e4a5f1b18

Attributes
  • reg_key

    59ec108247976b115e6f863e4a5f1b18

  • splitter

    |'|'|

Targets

    • Target

      44dba82c2ae65a2332940d741520d3db.exe

    • Size

      93KB

    • MD5

      44dba82c2ae65a2332940d741520d3db

    • SHA1

      46dd600540cde151d9edf92ceb796f12c0682680

    • SHA256

      56e6f2114ddf4a7e78eba500bf66bddccdb2ce051e9ccefd238cef54d11d3c0a

    • SHA512

      e0d94dde04d2fd9edf6df96df02724ccfa2987f227da5ce64b9135dbfad7a1a756e7e806b7565fa6210d2b5834c94ae49bd4a7ff95a760fbd80c702b44fd0146

    Score
    10/10
    njrathackedtrojanxmrigevasionminer

    • njRAT/Bladabindi

      Widely used RAT written in .NET.

      trojannjrat

    • xmrig

      XMRig is a high performance, open source, cross platform CPU/GPU miner.

      minerxmrig

    • Disables Task Manager via registry modification

      evasion

    • Executes dropped EXE

    • Modifies Windows Firewall

      evasion

    • Drops startup file

    • Loads dropped DLL

    • Drops autorun.inf file

      Malware can abuse Windows Autorun to spread further via attached volumes.

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Replication Through Removable Media

1
T1091

Execution

Persistence

Modify Existing Service

1
T1031

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1
T1082

Lateral Movement

Replication Through Removable Media

1
T1091

Collection

Exfiltration

Command and Control

Impact

Tasks