Overview

overview

10

Static

static

ae8fa9b59f...17.exe

windows7_x64

10

ae8fa9b59f...17.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    ae8fa9b59fb15269e27cbbff6ad480cb53699eb56ff7bb36bcfd1b952a183e17

  • Size

    346KB

  • Sample

    220106-hrhxrabdcm

  • MD5

    56615ae7f161d858f19ad0fcc49deec8

  • SHA1

    7f6b720ab3f72a7641a2fd91d2febdeb85816eb0

  • SHA256

    ae8fa9b59fb15269e27cbbff6ad480cb53699eb56ff7bb36bcfd1b952a183e17

  • SHA512

    639b260b105c945bc2c29602bd70573e6038094388167578a67adde839e0dcc09f5fa1cae663916f99022a23a9bba5341b2fd79117227ceb4d38e330a56ca58d

Score
10/10
njratzeroevasionpersistencetrojan

Malware Config

Extracted

Family

njrat

Version

0.7d

Botnet

ZERO

C2

stub.ignorelist.com:5553

Mutex

a37326026fa6ee5a13f2532ba8c91513

Attributes
  • reg_key

    a37326026fa6ee5a13f2532ba8c91513

  • splitter

    |'|'|

Targets

    • Target

      ae8fa9b59fb15269e27cbbff6ad480cb53699eb56ff7bb36bcfd1b952a183e17

    • Size

      346KB

    • MD5

      56615ae7f161d858f19ad0fcc49deec8

    • SHA1

      7f6b720ab3f72a7641a2fd91d2febdeb85816eb0

    • SHA256

      ae8fa9b59fb15269e27cbbff6ad480cb53699eb56ff7bb36bcfd1b952a183e17

    • SHA512

      639b260b105c945bc2c29602bd70573e6038094388167578a67adde839e0dcc09f5fa1cae663916f99022a23a9bba5341b2fd79117227ceb4d38e330a56ca58d

    Score
    10/10
    njratzeroevasionpersistencetrojan

    • njRAT/Bladabindi

      Widely used RAT written in .NET.

      trojannjrat

    • Executes dropped EXE

    • Modifies Windows Firewall

      evasion

    • Drops startup file

    • Loads dropped DLL

    • Adds Run key to start application

      persistence

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks