Overview

overview

10

Static

static

0c5f572eb6...11.exe

windows7_x64

10

0c5f572eb6...11.exe

windows10-2004_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    0c5f572eb6a388bab96140b467f273b8f26b7b76e7302c87b652ae62360f8911

  • Size

    598KB

  • Sample

    220520-pt3s9sbgc3

  • MD5

    6027c5d5ba277c500fea2c1573506674

  • SHA1

    e96a6cb09f8387df162982969c39734cf7bb1320

  • SHA256

    0c5f572eb6a388bab96140b467f273b8f26b7b76e7302c87b652ae62360f8911

  • SHA512

    a6dd9ff9195828c21bd3903e9730bbd15a9cbb901b4e07e0c2b1ba58679f7eacebd7967b13a63a630969168768b781963fa466665f26d879734ee50f78f55dad

Score
10/10
njrathacked by hidden personevasionpersistencetrojan

Malware Config

Extracted

Family

njrat

Version

0.7d

Botnet

Hacked By HiDDen PerSOn

C2

178.137.210.251:5552

Mutex

9fd934de9393f22478a39ad38fdd5c13

Attributes
  • reg_key

    9fd934de9393f22478a39ad38fdd5c13

  • splitter

    |'|'|

Targets

    • Target

      0c5f572eb6a388bab96140b467f273b8f26b7b76e7302c87b652ae62360f8911

    • Size

      598KB

    • MD5

      6027c5d5ba277c500fea2c1573506674

    • SHA1

      e96a6cb09f8387df162982969c39734cf7bb1320

    • SHA256

      0c5f572eb6a388bab96140b467f273b8f26b7b76e7302c87b652ae62360f8911

    • SHA512

      a6dd9ff9195828c21bd3903e9730bbd15a9cbb901b4e07e0c2b1ba58679f7eacebd7967b13a63a630969168768b781963fa466665f26d879734ee50f78f55dad

    Score
    10/10
    njrathacked by hidden personevasionpersistencetrojan

    • njRAT/Bladabindi

      Widely used RAT written in .NET.

      trojannjrat

    • Executes dropped EXE

    • Modifies Windows Firewall

      evasion

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Drops startup file

    • Loads dropped DLL

    • Adds Run key to start application

      persistence
    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Modify Existing Service

1
T1031

Registry Run Keys / Startup Folder

1
T1060

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Query Registry

1
T1012

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks