General

  • Target: 7acc2238e4cac70d0a0aa4135ef5ab5c6a13cf2514d7b2074b87c6a25d92f730
  • Size: 93KB
  • Sample: 220520-2k9lnsfed9
  • MD5: 5961f8f28eb6a82e0e845680a051ac34
  • SHA1: abb5ddbb8dee35184c28f816a20be7c04cee2c77
  • SHA256: 7acc2238e4cac70d0a0aa4135ef5ab5c6a13cf2514d7b2074b87c6a25d92f730
  • SHA512: 79562759ddeed7c57a7ddc49c5655a349d850eead64102ae24b95569c84ec3799f9a3d7fc0533bbdb8769955964863e49280a2bddb1be1c970e2d3130f646a92

Malware Config

Extracted

  • Family: njrat
  • Version: 0.7d
  • Botnet: HacKeD
  • C2: c2VyZ28yFRANSESCOjhhdWUuaG9wdG8ub3Jn:NTU1Mg==
  • Mutex: 5b040190db9c0c0f6ade6295832a9add

Attributes

  • reg_key: 5b040190db9c0c0f6ade6295832a9add
  • splitter: |'|'|

Targets


    • njRAT/Bladabindi: widely used RAT written in .NET.

    • Executes dropped EXE

    • Modifies Windows Firewall

    • Checks computer location settings: looks up the country code configured in the registry, likely a geofencing check.

    • Drops startup file

    • Loads dropped DLL

    • Drops autorun.inf file: malware can abuse Windows Autorun to spread further via attached volumes.

    • Drops file in System32 directory

MITRE ATT&CK Matrix (ATT&CK v6)

  Tactic            Technique                              Count  ID
  Initial Access    Replication Through Removable Media    1      T1091
  Persistence       Modify Existing Service                1      T1031
  Discovery         Query Registry                         1      T1012
  Discovery         System Information Discovery           2      T1082
  Lateral Movement  Replication Through Removable Media    1      T1091

Tasks