Overview

overview

10

Static

static

10

b444ad4664...88.exe

windows7_x64

10

b444ad4664...88.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    b444ad46648439ce627075373ceba888.exe

  • Size

    44KB

  • Sample

    220125-dp7e4sfdg8

  • MD5

    b444ad46648439ce627075373ceba888

  • SHA1

    3ced85300587a1d284fbe31e91f94b4192edd35a

  • SHA256

    2c619425072b006b1a74b653d5ab431a0f00678d8c04a4eed67833c3a876b180

  • SHA512

    08e83f68817892bb4ca50f789dbbbe4dafd2ecd64d1ef2ecca6710d07ccce95ba5d9912b10190ce89fdbe3870285934fe6a94fdf46e6ebb9b871b4f4c9451e3f

Score
10/10
njratpersistencetrojan

Malware Config

Targets

    • Target

      b444ad46648439ce627075373ceba888.exe

    • Size

      44KB

    • MD5

      b444ad46648439ce627075373ceba888

    • SHA1

      3ced85300587a1d284fbe31e91f94b4192edd35a

    • SHA256

      2c619425072b006b1a74b653d5ab431a0f00678d8c04a4eed67833c3a876b180

    • SHA512

      08e83f68817892bb4ca50f789dbbbe4dafd2ecd64d1ef2ecca6710d07ccce95ba5d9912b10190ce89fdbe3870285934fe6a94fdf46e6ebb9b871b4f4c9451e3f

    Score
    10/10
    njratpersistencetrojan

    • njRAT/Bladabindi

      Widely used RAT written in .NET.

      trojannjrat

    • Executes dropped EXE

    • Drops startup file

    • Loads dropped DLL

    • Adds Run key to start application

      persistence
    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

1
T1053

Persistence

Registry Run Keys / Startup Folder

1
T1060

Scheduled Task

1
T1053

Privilege Escalation

Scheduled Task

1
T1053

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks