A81N2M36C_INV0ICE_RECEIPT.exe

General
Target

A81N2M36C_INV0ICE_RECEIPT.exe

Size

679KB

Sample

220113-1eecxacfb9

Score
10 /10
MD5

ba79aabe98bf01d3f35359a9332be48f

SHA1

0dbca5bfa445fca16f31bddfe3be23b1a41a80c0

SHA256

0a9d287a3539c979a8c215ca003ca35293c324644e2f2c4dc3a38b4c7f9fa143

SHA512

ad16e94537e80d6a185c6be021eb3b459e204fcc424366d89b222849f60ba00478335a036e66c197609f9a77161b093f7240c7ef1d699ff842fd9289d6e828d3

Malware Config

Extracted

Family njrat
Version 1.9
Botnet HacKed
Attributes
reg_key
Microsoft.Exe
Targets
Target

A81N2M36C_INV0ICE_RECEIPT.exe

MD5

ba79aabe98bf01d3f35359a9332be48f

Filesize

679KB

Score
10/10
SHA1

0dbca5bfa445fca16f31bddfe3be23b1a41a80c0

SHA256

0a9d287a3539c979a8c215ca003ca35293c324644e2f2c4dc3a38b4c7f9fa143

SHA512

ad16e94537e80d6a185c6be021eb3b459e204fcc424366d89b222849f60ba00478335a036e66c197609f9a77161b093f7240c7ef1d699ff842fd9289d6e828d3

Tags

Signatures

  • Windows security bypass

    Tags

    TTPs

    Disabling Security ToolsModify Registry
  • njRAT/Bladabindi

    Description

    Widely used RAT written in .NET.

    Tags

  • Looks for VirtualBox Guest Additions in registry

    Tags

    TTPs

    Query RegistryVirtualization/Sandbox Evasion
  • Looks for VMWare Tools registry key

    Tags

    TTPs

    Query RegistryVirtualization/Sandbox Evasion
  • Modifies Windows Firewall

    Tags

    TTPs

    Modify Existing Service
  • Checks BIOS information in registry

    Description

    BIOS information is often read in order to detect sandboxing environments.

    TTPs

    Query RegistrySystem Information Discovery
  • Drops startup file

  • Windows security modification

    Tags

    TTPs

    Disabling Security ToolsModify Registry
  • Adds Run key to start application

    Tags

    TTPs

    Registry Run Keys / Startup FolderModify Registry
  • Maps connected drives based on registry

    Description

    Disk information is often read in order to detect sandboxing environments.

    TTPs

    Query RegistryPeripheral Device DiscoverySystem Information Discovery
  • Suspicious use of SetThreadContext

Related Tasks

MITRE ATT&CK Matrix
Collection
    Command and Control
      Credential Access
        Execution
          Exfiltration
            Impact
              Initial Access
                Lateral Movement
                  Privilege Escalation
                    Tasks

                    static1