Overview

overview

10

Static

static

10

b07fe4ec83...ad.exe

windows7_x64

10

b07fe4ec83...ad.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    b07fe4ec839f73e5d8c52c42409cfcad.exe

  • Size

    794KB

  • Sample

    220128-httr2aghbk

  • MD5

    b07fe4ec839f73e5d8c52c42409cfcad

  • SHA1

    2a9fcb902902372ecaf480c1377f1267b03aaae1

  • SHA256

    68690afda547fc3ccd9a8ee7cfdc8421428736ce697d7d50dca6894dbd867a91

  • SHA512

    c8d586dcf192590967b5c935d9e54e0a154837149b95d3d9f6e7cd031481ee641ae4062ee5fa5a2c342b2f2c1d4c98ba3160a78522921218d47ed3e062cc64fb

Score
10/10
njrathackedevasionpersistencesuricatatrojan

Malware Config

Extracted

Family

njrat

Version

0.7d

Botnet

HacKed

C2

115.23.109.127:1155

Mutex

d59e767437442991aeca3e808018472c

Attributes
  • reg_key

    d59e767437442991aeca3e808018472c

  • splitter

    |'|'|

Targets

    • Target

      b07fe4ec839f73e5d8c52c42409cfcad.exe

    • Size

      794KB

    • MD5

      b07fe4ec839f73e5d8c52c42409cfcad

    • SHA1

      2a9fcb902902372ecaf480c1377f1267b03aaae1

    • SHA256

      68690afda547fc3ccd9a8ee7cfdc8421428736ce697d7d50dca6894dbd867a91

    • SHA512

      c8d586dcf192590967b5c935d9e54e0a154837149b95d3d9f6e7cd031481ee641ae4062ee5fa5a2c342b2f2c1d4c98ba3160a78522921218d47ed3e062cc64fb

    Score
    10/10
    njrattrojanhackedevasionpersistencesuricata

    • njRAT/Bladabindi

      Widely used RAT written in .NET.

      trojannjrat

    • suricata: ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)

      suricata: ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)

      suricata

    • suricata: ET MALWARE njrat ver 0.7d Malware CnC Callback (Capture)

      suricata: ET MALWARE njrat ver 0.7d Malware CnC Callback (Capture)

      suricata

    • Executes dropped EXE

    • Modifies Windows Firewall

      evasion

    • Loads dropped DLL

    • Adds Run key to start application

      persistence
    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks