Overview

overview

10

Static

static

3fe6e95aaf...ad.exe

windows7_x64

10

3fe6e95aaf...ad.exe

windows10-2004_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    3fe6e95aaf5e6563084597ae6a03283dc6e8c2d6be2d73b0ffd148f20796baad

  • Size

    8.7MB

  • Sample

    220215-tm21lsgha2

  • MD5

    e96b49168d8039c227de5c72bf41810b

  • SHA1

    14944a4510d56864835eda74366dd93543de7e52

  • SHA256

    3fe6e95aaf5e6563084597ae6a03283dc6e8c2d6be2d73b0ffd148f20796baad

  • SHA512

    0c98e82b1e454d85edd505cdae47fbdcb19651bd9bc573722ecf69f6e10a606677d2d865b590a29a542e23cf554523392aeb8bd1c26bf3153368531a36d6a2c7

Score
10/10
njrathack gta vevasionpersistencethemidatrojan

Malware Config

Extracted

Family

njrat

Version

0.7d

Botnet

HACK GTA V

C2

snowgato.duckdns.org:1177

Mutex

1eb07ee8c21d622a801f6a0fb9cad455

Attributes
  • reg_key

    1eb07ee8c21d622a801f6a0fb9cad455

  • splitter

    |'|'|

Targets

    • Target

      3fe6e95aaf5e6563084597ae6a03283dc6e8c2d6be2d73b0ffd148f20796baad

    • Size

      8.7MB

    • MD5

      e96b49168d8039c227de5c72bf41810b

    • SHA1

      14944a4510d56864835eda74366dd93543de7e52

    • SHA256

      3fe6e95aaf5e6563084597ae6a03283dc6e8c2d6be2d73b0ffd148f20796baad

    • SHA512

      0c98e82b1e454d85edd505cdae47fbdcb19651bd9bc573722ecf69f6e10a606677d2d865b590a29a542e23cf554523392aeb8bd1c26bf3153368531a36d6a2c7

    Score
    10/10
    njrathack gta vevasionpersistencethemidatrojan

    • njRAT/Bladabindi

      Widely used RAT written in .NET.

      trojannjrat

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

      evasion

    • Executes dropped EXE

    • Modifies Windows Firewall

      evasion

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Drops startup file

    • Loads dropped DLL

    • Themida packer

      Detects Themida, an advanced Windows software protection system.

      themida

    • Adds Run key to start application

      persistence

    • Checks whether UAC is enabled

      evasiontrojan

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks