Overview

overview

10

Static

static

c900116f26...43.exe

windows7_x64

10

c900116f26...43.exe

windows10-2004_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    c900116f26c56d2773337522219e4aaaa73a0473be6fcf6739d8e964488c3543

  • Size

    203KB

  • Sample

    220521-azgqnaeacq

  • MD5

    7f58142ad487ca166fb71be971d97bc9

  • SHA1

    6c1bca26d7ea9e6f2ded29d84759aade2cc844bb

  • SHA256

    c900116f26c56d2773337522219e4aaaa73a0473be6fcf6739d8e964488c3543

  • SHA512

    2848e3af53cc32f5dcdbcf9be400b9defbce9642bc60863ada3cde301edf785b0795fd50782c586314beb95cc3293b75b69f4500817de6890dcdb484fab7c621

Score
10/10
njratmybotevasionpersistencetrojan

Malware Config

Extracted

Family

njrat

Version

0.7d

Botnet

MyBot

C2

85.140.114.45:7777

Mutex

061de4c451a1c1cb6f111696c953d5d6

Attributes
  • reg_key

    061de4c451a1c1cb6f111696c953d5d6

  • splitter

    Y262SUCZ4UJJ

Targets

    • Target

      c900116f26c56d2773337522219e4aaaa73a0473be6fcf6739d8e964488c3543

    • Size

      203KB

    • MD5

      7f58142ad487ca166fb71be971d97bc9

    • SHA1

      6c1bca26d7ea9e6f2ded29d84759aade2cc844bb

    • SHA256

      c900116f26c56d2773337522219e4aaaa73a0473be6fcf6739d8e964488c3543

    • SHA512

      2848e3af53cc32f5dcdbcf9be400b9defbce9642bc60863ada3cde301edf785b0795fd50782c586314beb95cc3293b75b69f4500817de6890dcdb484fab7c621

    Score
    10/10
    njratmybotevasionpersistencetrojan

    • njRAT/Bladabindi

      Widely used RAT written in .NET.

      trojannjrat

    • Executes dropped EXE

    • Modifies Windows Firewall

      evasion

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Drops startup file

    • Loads dropped DLL

    • Adds Run key to start application

      persistence
    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Modify Existing Service

1
T1031

Registry Run Keys / Startup Folder

1
T1060

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Query Registry

1
T1012

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks