Overview

overview

10

Static

static

17fc7c0ec5...cd.exe

windows7_x64

10

17fc7c0ec5...cd.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    17fc7c0ec5e91b170860f2e59b3074fdab456198a6047b8260e1c846ed5885cd

  • Size

    150KB

  • Sample

    220129-tfwv1sdhh2

  • MD5

    acd58bb34bb275de1570917624ade609

  • SHA1

    6def2bdaca8e08d3fd4363da008e6395cb0db49f

  • SHA256

    17fc7c0ec5e91b170860f2e59b3074fdab456198a6047b8260e1c846ed5885cd

  • SHA512

    79f51605b85b497240d8187697008a2f2dc4bd0f498c721825726e560de7189a8fcc818d10f2daf807c05dcc5be5f7b2de62cfe72d4ed6acb4586d8075b72d3e

Score
10/10
njrathackedevasiontrojan

Malware Config

Extracted

Family

njrat

Version

0.6.4

Botnet

HacKed

C2

moh-2014.linkpc.net:55

Mutex

8e3bc91142bd8d798a10a1667ae4d2be

Attributes
  • reg_key

    8e3bc91142bd8d798a10a1667ae4d2be

  • splitter

    |'|'|

Targets

    • Target

      17fc7c0ec5e91b170860f2e59b3074fdab456198a6047b8260e1c846ed5885cd

    • Size

      150KB

    • MD5

      acd58bb34bb275de1570917624ade609

    • SHA1

      6def2bdaca8e08d3fd4363da008e6395cb0db49f

    • SHA256

      17fc7c0ec5e91b170860f2e59b3074fdab456198a6047b8260e1c846ed5885cd

    • SHA512

      79f51605b85b497240d8187697008a2f2dc4bd0f498c721825726e560de7189a8fcc818d10f2daf807c05dcc5be5f7b2de62cfe72d4ed6acb4586d8075b72d3e

    Score
    10/10
    njrathackedevasiontrojan

    • njRAT/Bladabindi

      Widely used RAT written in .NET.

      trojannjrat

    • Modifies Windows Firewall

      evasion
    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Modify Existing Service

1
T1031

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks