Overview

overview

10

Static

static

10

c522d99737...d1.exe

windows7_x64

10

c522d99737...d1.exe

windows10-2004_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    c522d9973750b509bea999d0854cd21bfbf854aef3c6e2bfcb041c61f22c42d1

  • Size

    37KB

  • Sample

    220520-3ja76abhej

  • MD5

    2333a7b5b03e3fa1bd77b635e0a7f0df

  • SHA1

    984a1120d48af498288e8ef09f49d8989e0d1aff

  • SHA256

    c522d9973750b509bea999d0854cd21bfbf854aef3c6e2bfcb041c61f22c42d1

  • SHA512

    504063f2913ba7b1ff8dd5a0eee97f421857e1218280e59a64dc707c7e9a6ac290a58c45fcbe05ff38172e037a0994043d979f403d506273c14f86cb895a59c1

Score
10/10
njratхороший_чит227evasionpersistencetrojan

Malware Config

Extracted

Family

njrat

Version

im523

Botnet

хороший_чит227

C2

127.0.0.1:5552

Mutex

345d8bf41e0048532905f37e4f8e9889

Attributes
  • reg_key

    345d8bf41e0048532905f37e4f8e9889

  • splitter

    |'|'|

Targets

    • Target

      c522d9973750b509bea999d0854cd21bfbf854aef3c6e2bfcb041c61f22c42d1

    • Size

      37KB

    • MD5

      2333a7b5b03e3fa1bd77b635e0a7f0df

    • SHA1

      984a1120d48af498288e8ef09f49d8989e0d1aff

    • SHA256

      c522d9973750b509bea999d0854cd21bfbf854aef3c6e2bfcb041c61f22c42d1

    • SHA512

      504063f2913ba7b1ff8dd5a0eee97f421857e1218280e59a64dc707c7e9a6ac290a58c45fcbe05ff38172e037a0994043d979f403d506273c14f86cb895a59c1

    Score
    10/10
    njratхороший_чит227evasionpersistencetrojan

    • njRAT/Bladabindi

      Widely used RAT written in .NET.

      trojannjrat

    • Executes dropped EXE

    • Modifies Windows Firewall

      evasion

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Drops startup file

    • Loads dropped DLL

    • Adds Run key to start application

      persistence

    • Drops autorun.inf file

      Malware can abuse Windows Autorun to spread further via attached volumes.

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Replication Through Removable Media

1
T1091

Execution

Persistence

Modify Existing Service

1
T1031

Registry Run Keys / Startup Folder

1
T1060

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Query Registry

1
T1012

System Information Discovery

2
T1082

Lateral Movement

Replication Through Removable Media

1
T1091

Collection

Exfiltration

Command and Control

Impact

Tasks