Overview

overview

10

Static

static

5b0e04c4f9...6f.exe

windows7_x64

10

5b0e04c4f9...6f.exe

windows10-2004_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    5b0e04c4f91d5aaac3ee3ce0eb2a1c6f.exe

  • Size

    396KB

  • Sample

    220514-spk97sadg2

  • MD5

    5b0e04c4f91d5aaac3ee3ce0eb2a1c6f

  • SHA1

    dd539b2dae5964501c364bf932ce8e9f9dc500af

  • SHA256

    dbc7c72ec05fae8f586a80826e6929cb26ec2fab3623620bb3edaea0139385a3

  • SHA512

    1ee3527a2ad3c7b6f393097ad60742ba3dfb14758feaf01188662a091c91f914390761fdb5751e1cbdb201d21cc1a086d09a7326d140a58d196266c458a2ea18

Score
10/10
njrathackedpersistencesuricatatrojan

Malware Config

Extracted

Family

njrat

Version

v2.0

Botnet

HacKed

C2

104.243.35.208:4004

Mutex

Windows

Attributes
  • reg_key

    Windows

  • splitter

    |-F-|

Targets

    • Target

      5b0e04c4f91d5aaac3ee3ce0eb2a1c6f.exe

    • Size

      396KB

    • MD5

      5b0e04c4f91d5aaac3ee3ce0eb2a1c6f

    • SHA1

      dd539b2dae5964501c364bf932ce8e9f9dc500af

    • SHA256

      dbc7c72ec05fae8f586a80826e6929cb26ec2fab3623620bb3edaea0139385a3

    • SHA512

      1ee3527a2ad3c7b6f393097ad60742ba3dfb14758feaf01188662a091c91f914390761fdb5751e1cbdb201d21cc1a086d09a7326d140a58d196266c458a2ea18

    Score
    10/10
    njrathackedpersistencesuricatatrojan

    • njRAT/Bladabindi

      Widely used RAT written in .NET.

      trojannjrat

    • suricata: ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)

      suricata: ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)

      suricata

    • Executes dropped EXE

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Drops startup file

    • Loads dropped DLL

    • Adds Run key to start application

      persistence

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

1
T1060

Hidden Files and Directories

1
T1158

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Hidden Files and Directories

1
T1158

Credential Access

Discovery

Query Registry

1
T1012

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks