Overview

overview

10

Static

static

4a2acbd772...4d.exe

windows7_x64

10

4a2acbd772...4d.exe

windows10-2004_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    4a2acbd77245e50f0348b7efcb0009903c55d4585b00f49f832beaf285b4b54d

  • Size

    76KB

  • Sample

    220502-w5nl2sdag5

  • MD5

    6ba4110a57c59dcbb40834a764696180

  • SHA1

    8df62aafd0105f9bdf0b57caa4548ca8e9576b5b

  • SHA256

    4a2acbd77245e50f0348b7efcb0009903c55d4585b00f49f832beaf285b4b54d

  • SHA512

    d17035cfab6572e61a3ebb1b2938ee025ae9302d1943efd72d437db8f56cfb28ebcb8e53e283a311da6d959f1b57daf94e8314bc742b3d53890effca8ddfe95e

Score
10/10
njratyoutubeevasionpersistencetrojan

Malware Config

Extracted

Family

njrat

Version

0.7d

Botnet

Youtube

C2

194.33.45.46:4785

Mutex

7cd689923ff88e7744796cbd311fd268

Attributes
  • reg_key

    7cd689923ff88e7744796cbd311fd268

  • splitter

    |'|'|

Targets

    • Target

      4a2acbd77245e50f0348b7efcb0009903c55d4585b00f49f832beaf285b4b54d

    • Size

      76KB

    • MD5

      6ba4110a57c59dcbb40834a764696180

    • SHA1

      8df62aafd0105f9bdf0b57caa4548ca8e9576b5b

    • SHA256

      4a2acbd77245e50f0348b7efcb0009903c55d4585b00f49f832beaf285b4b54d

    • SHA512

      d17035cfab6572e61a3ebb1b2938ee025ae9302d1943efd72d437db8f56cfb28ebcb8e53e283a311da6d959f1b57daf94e8314bc742b3d53890effca8ddfe95e

    Score
    10/10
    njratyoutubeevasionpersistencetrojan

    • njRAT/Bladabindi

      Widely used RAT written in .NET.

      trojannjrat

    • Executes dropped EXE

    • Modifies Windows Firewall

      evasion

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Drops startup file

    • Loads dropped DLL

    • Adds Run key to start application

      persistence

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Modify Existing Service

1
T1031

Registry Run Keys / Startup Folder

1
T1060

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Query Registry

1
T1012

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks