Overview

overview

10

Static

static

10

03B8CA0BE4...07.exe

windows7_x64

10

03B8CA0BE4...07.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    03B8CA0BE4A43FB9CDCC8DC6898F93A71B25412C97107.exe

  • Size

    36KB

  • Sample

    220114-ptkbxsgddn

  • MD5

    3838a96e09eb734d166f9eb0d2822f81

  • SHA1

    242b15190d06fb1c89fb35170d1f4d8ff4abdbe6

  • SHA256

    03b8ca0be4a43fb9cdcc8dc6898f93a71b25412c97107b30fbfa38cc84463097

  • SHA512

    8f5e43f135cec3f73f88e90d13c0f89e2436c6bbd470959f6cdfdd2e302152bcd2fa6a2414c501578271ca7ec7e381baa14bb9395742820158e13f1cac33a33a

Score
10/10
njrathackedevasionsuricata

Malware Config

Extracted

Family

njrat

Version

im523

Botnet

HacKed

C2

2.tcp.ngrok.io:10778

Mutex

afd33936fdd13a3fc7c1e85848eb90af

Attributes
  • reg_key

    afd33936fdd13a3fc7c1e85848eb90af

  • splitter

    |'|'|

Targets

    • Target

      03B8CA0BE4A43FB9CDCC8DC6898F93A71B25412C97107.exe

    • Size

      36KB

    • MD5

      3838a96e09eb734d166f9eb0d2822f81

    • SHA1

      242b15190d06fb1c89fb35170d1f4d8ff4abdbe6

    • SHA256

      03b8ca0be4a43fb9cdcc8dc6898f93a71b25412c97107b30fbfa38cc84463097

    • SHA512

      8f5e43f135cec3f73f88e90d13c0f89e2436c6bbd470959f6cdfdd2e302152bcd2fa6a2414c501578271ca7ec7e381baa14bb9395742820158e13f1cac33a33a

    Score
    10/10
    evasionsuricata

    • suricata: ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)

      suricata: ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)

      suricata

    • Modifies Windows Firewall

      evasion
    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Modify Existing Service

1
T1031

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks