Overview

overview

10

Static

static

10

c01241da9a...c2.exe

windows7_x64

10

c01241da9a...c2.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    c01241da9a4a4df62da605fa0a43f6c2.exe

  • Size

    37KB

  • Sample

    220107-3pesjadbbp

  • MD5

    c01241da9a4a4df62da605fa0a43f6c2

  • SHA1

    81db6c7ef0820e926b8c7f336e27f8ae3129995d

  • SHA256

    4508d96492ef503a79ad969ea885b9b3574158e64fc3d13a41e7ebef007286ed

  • SHA512

    b201b63fad95726ab14172784e3382ad7aee4ff70982845d8638cf3627f14491d83c21d99775433cdab120da24dc8306d70c19f966f5e16dbc7dbe11f9611a10

Score
10/10
njrathackedevasionpersistencesuricatatrojan

Malware Config

Extracted

Family

njrat

Version

im523

Botnet

HacKed

C2

6.tcp.ngrok.io:11947

Mutex

d4a936dfd494d5f7b5e01de781d9fe51

Attributes
  • reg_key

    d4a936dfd494d5f7b5e01de781d9fe51

  • splitter

    |'|'|

Targets

    • Target

      c01241da9a4a4df62da605fa0a43f6c2.exe

    • Size

      37KB

    • MD5

      c01241da9a4a4df62da605fa0a43f6c2

    • SHA1

      81db6c7ef0820e926b8c7f336e27f8ae3129995d

    • SHA256

      4508d96492ef503a79ad969ea885b9b3574158e64fc3d13a41e7ebef007286ed

    • SHA512

      b201b63fad95726ab14172784e3382ad7aee4ff70982845d8638cf3627f14491d83c21d99775433cdab120da24dc8306d70c19f966f5e16dbc7dbe11f9611a10

    Score
    10/10
    njrathackedevasionpersistencesuricatatrojan

    • njRAT/Bladabindi

      Widely used RAT written in .NET.

      trojannjrat

    • suricata: ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)

      suricata: ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)

      suricata

    • Executes dropped EXE

    • Modifies Windows Firewall

      evasion

    • Drops startup file

    • Adds Run key to start application

      persistence
    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks