Overview

overview

10

Static

static

fdf4af9ad9...27.exe

windows7_x64

10

fdf4af9ad9...27.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    fdf4af9ad999272ebf9fa0c1d3c374615e2c8f2a5a5598f9d3ad1a0f3fd5a627

  • Size

    194KB

  • Sample

    220121-3pfd3adcf4

  • MD5

    1bdd22a17a650cff37601bfb7ff5de58

  • SHA1

    728fc6952f1d038bd1fdf01b44c4af05e363a4bb

  • SHA256

    fdf4af9ad999272ebf9fa0c1d3c374615e2c8f2a5a5598f9d3ad1a0f3fd5a627

  • SHA512

    6e7f19d4ff5709a4eccad60005c7c0d466ec395bb0a87da3ccedbea0a5bee2d2098165d3e765f06a1e2cb76387454397a2a68280b3f15a9c50ce2eb6e5c8e3bb

Score
10/10
njratvistimatrojan

Malware Config

Extracted

Family

njrat

Version

0.7d

Botnet

VISTIMA

C2

trabajo2019.duckdns.org:2020

Mutex

ef4f7f28c949781a94b69311553c83e5

Attributes
  • reg_key

    ef4f7f28c949781a94b69311553c83e5

  • splitter

    |'|'|

Targets

    • Target

      fdf4af9ad999272ebf9fa0c1d3c374615e2c8f2a5a5598f9d3ad1a0f3fd5a627

    • Size

      194KB

    • MD5

      1bdd22a17a650cff37601bfb7ff5de58

    • SHA1

      728fc6952f1d038bd1fdf01b44c4af05e363a4bb

    • SHA256

      fdf4af9ad999272ebf9fa0c1d3c374615e2c8f2a5a5598f9d3ad1a0f3fd5a627

    • SHA512

      6e7f19d4ff5709a4eccad60005c7c0d466ec395bb0a87da3ccedbea0a5bee2d2098165d3e765f06a1e2cb76387454397a2a68280b3f15a9c50ce2eb6e5c8e3bb

    Score
    10/10
    njratvistimatrojan

    • njRAT/Bladabindi

      Widely used RAT written in .NET.

      trojannjrat

    • Executes dropped EXE

    • Loads dropped DLL

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

1
T1053

Persistence

Scheduled Task

1
T1053

Privilege Escalation

Scheduled Task

1
T1053

Defense Evasion

Credential Access

Discovery

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks