Overview

overview

10

Static

static

10

72abe9ceb5...b4.exe

windows7_x64

10

72abe9ceb5...b4.exe

windows10-2004_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    72abe9ceb53646f25490eba50b32a59f84d823556a9c1b029af1d56b20b531b4

  • Size

    31KB

  • Sample

    220520-wgnbdaebfm

  • MD5

    1b11d36fbfbaae8edbdeca9b161ff782

  • SHA1

    9283c1c03f812ddd430757319ab5d490a24e6882

  • SHA256

    72abe9ceb53646f25490eba50b32a59f84d823556a9c1b029af1d56b20b531b4

  • SHA512

    51fffaa3977e651cabe4a59946c93fd87226a8fbb2062d9c9208553671e692974c8bf83c3461557415a1e96295d5addae9d0689dbed9ba5c1741b0791fb16e30

Score
10/10
njratqqtrojan

Malware Config

Extracted

Family

njrat

Version

0.7d

Botnet

qq

C2

146.158.124.6:6522

Mutex

e1d983938b3a0321868d203967bc8cd1

Attributes
  • reg_key

    e1d983938b3a0321868d203967bc8cd1

  • splitter

    Y262SUCZ4UJJ

Targets

    • Target

      72abe9ceb53646f25490eba50b32a59f84d823556a9c1b029af1d56b20b531b4

    • Size

      31KB

    • MD5

      1b11d36fbfbaae8edbdeca9b161ff782

    • SHA1

      9283c1c03f812ddd430757319ab5d490a24e6882

    • SHA256

      72abe9ceb53646f25490eba50b32a59f84d823556a9c1b029af1d56b20b531b4

    • SHA512

      51fffaa3977e651cabe4a59946c93fd87226a8fbb2062d9c9208553671e692974c8bf83c3461557415a1e96295d5addae9d0689dbed9ba5c1741b0791fb16e30

    Score
    10/10
    njratqqtrojan

    • njRAT/Bladabindi

      Widely used RAT written in .NET.

      trojannjrat

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1
T1012

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks