Overview

overview

10

Static

static

36702A0220...8B.exe

windows7_x64

10

36702A0220...8B.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    36702A02201CEA4B0F0096758491FB058EF8D9A84D98B.exe

  • Size

    22KB

  • Sample

    211224-1qgmeafdc9

  • MD5

    f3d01e4949038741366e368d190fb95a

  • SHA1

    94ae951d78c1cc28a698b770839272d22b1d56f2

  • SHA256

    36702a02201cea4b0f0096758491fb058ef8d9a84d98bf93db3101ee1050276f

  • SHA512

    9a40115f50bd6e493c729b78df9af601428f29fa9b2bf101ff51100e4d0890e8104c7ae766472fa08a86db5b7f72f1b64656362a90f4a46db5f63b9105c172bb

Score
10/10
njratpersistencetrojan

Malware Config

Targets

    • Target

      36702A02201CEA4B0F0096758491FB058EF8D9A84D98B.exe

    • Size

      22KB

    • MD5

      f3d01e4949038741366e368d190fb95a

    • SHA1

      94ae951d78c1cc28a698b770839272d22b1d56f2

    • SHA256

      36702a02201cea4b0f0096758491fb058ef8d9a84d98bf93db3101ee1050276f

    • SHA512

      9a40115f50bd6e493c729b78df9af601428f29fa9b2bf101ff51100e4d0890e8104c7ae766472fa08a86db5b7f72f1b64656362a90f4a46db5f63b9105c172bb

    Score
    10/10
    njratpersistencetrojan

    • njRAT/Bladabindi

      Widely used RAT written in .NET.

      trojannjrat

    • Adds Run key to start application

      persistence

    • Legitimate hosting services abused for malware hosting/C2

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

1
T1060

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Web Service

1
T1102

Impact

Tasks