Overview

overview

10

Static

static

10

306437A282...AE.exe

windows7_x64

10

306437A282...AE.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    306437A282F51A0C6ECD6E3EAAB2EF9FC376973DA40AE.exe

  • Size

    27KB

  • Sample

    220102-xhg2esafg6

  • MD5

    03aaaf240a48f950913695178125016a

  • SHA1

    b7fe1523b02d05539f769f4beead332e5f0e18bc

  • SHA256

    306437a282f51a0c6ecd6e3eaab2ef9fc376973da40ae0972bee7ea3839d0909

  • SHA512

    6af11725e06efd01ca1429e567ca93d608436b165a23229eea623e25291967ce3f057af5c596974d86a5e0c55b38a27a0b121471f2b49cd25c543e77ce09460d

Score
10/10
njrathackedpersistencetrojan

Malware Config

Extracted

Family

njrat

Version

v2.0

Botnet

HacKed

C2

zaki-botnet.portmap.host:5222

Mutex

Windows

Attributes
  • reg_key

    Windows

  • splitter

    |-F-|

Targets

    • Target

      306437A282F51A0C6ECD6E3EAAB2EF9FC376973DA40AE.exe

    • Size

      27KB

    • MD5

      03aaaf240a48f950913695178125016a

    • SHA1

      b7fe1523b02d05539f769f4beead332e5f0e18bc

    • SHA256

      306437a282f51a0c6ecd6e3eaab2ef9fc376973da40ae0972bee7ea3839d0909

    • SHA512

      6af11725e06efd01ca1429e567ca93d608436b165a23229eea623e25291967ce3f057af5c596974d86a5e0c55b38a27a0b121471f2b49cd25c543e77ce09460d

    Score
    10/10
    njrathackedpersistencetrojan

    • njRAT/Bladabindi

      Widely used RAT written in .NET.

      trojannjrat

    • Executes dropped EXE

    • Drops startup file

    • Loads dropped DLL

    • Adds Run key to start application

      persistence
    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

1
T1060

Hidden Files and Directories

1
T1158

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Hidden Files and Directories

1
T1158

Credential Access

Discovery

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks