Overview

overview

10

Static

static

5

81392d047d...92.exe

windows7_x64

10

81392d047d...92.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    81392d047dfd568341b4adc8191804dfb0567bc92eb0c60d71e2d277e6178a92

  • Size

    1012KB

  • Sample

    220121-3dy22acgf5

  • MD5

    a60b0e5cd78850a7ac0912bfa464640a

  • SHA1

    a0083fce727c42a3e5b359ce7677573175b7fee1

  • SHA256

    81392d047dfd568341b4adc8191804dfb0567bc92eb0c60d71e2d277e6178a92

  • SHA512

    8a9d9858fb59f7c40f13e016645c9239ec3ff33ed8f55295303cc7986493871a93123cf2df15ac1d926d9c5e80ea85fd5fb9a4f19546190d4449eba88892a0ac

Score
10/10
njratzzzpampersistencetrojan

Malware Config

Extracted

Family

njrat

Version

0.7.3

Botnet

zzZpam

C2

dominoduck2070.duckdns.org:2093

Mutex

Chrome.exe

Attributes
  • reg_key

    Chrome.exe

  • splitter

    1193

Targets

    • Target

      81392d047dfd568341b4adc8191804dfb0567bc92eb0c60d71e2d277e6178a92

    • Size

      1012KB

    • MD5

      a60b0e5cd78850a7ac0912bfa464640a

    • SHA1

      a0083fce727c42a3e5b359ce7677573175b7fee1

    • SHA256

      81392d047dfd568341b4adc8191804dfb0567bc92eb0c60d71e2d277e6178a92

    • SHA512

      8a9d9858fb59f7c40f13e016645c9239ec3ff33ed8f55295303cc7986493871a93123cf2df15ac1d926d9c5e80ea85fd5fb9a4f19546190d4449eba88892a0ac

    Score
    10/10
    njratzzzpampersistencetrojan

    • njRAT/Bladabindi

      Widely used RAT written in .NET.

      trojannjrat

    • Adds Run key to start application

      persistence

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

1
T1060

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks