Overview

overview

10

Static

static

10

8a3aa1928e...7a.exe

windows7_x64

8

8a3aa1928e...7a.exe

windows10-2004_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    8a3aa1928ed7bf55985b9682e40406499efb3b0e13ec4b7b32dc33a8e653aa7a

  • Size

    31KB

  • Sample

    220524-vgylnsacd4

  • MD5

    f655787291ff31bd59f1ffe84f88e6f0

  • SHA1

    ab24818f55bf947eedb608cab1e433c43179b1e5

  • SHA256

    8a3aa1928ed7bf55985b9682e40406499efb3b0e13ec4b7b32dc33a8e653aa7a

  • SHA512

    0b68a8eca484c75455ad3cce3345678b2e11b05e891b688497f44bfdc64000a0964c4c86c6040db11fe0138b8af02f1cc27ab20e1b9c30f417321d7f3694d6d9

Score
10/10
njratbotevasionpersistencetrojan

Malware Config

Extracted

Family

njrat

Version

0.7d

Botnet

Bot

C2

81.24.179:212:6522

Mutex

c131bf502fd0132beb20b6ff08254fbd

Attributes
  • reg_key

    c131bf502fd0132beb20b6ff08254fbd

  • splitter

    Y262SUCZ4UJJ

Targets

    • Target

      8a3aa1928ed7bf55985b9682e40406499efb3b0e13ec4b7b32dc33a8e653aa7a

    • Size

      31KB

    • MD5

      f655787291ff31bd59f1ffe84f88e6f0

    • SHA1

      ab24818f55bf947eedb608cab1e433c43179b1e5

    • SHA256

      8a3aa1928ed7bf55985b9682e40406499efb3b0e13ec4b7b32dc33a8e653aa7a

    • SHA512

      0b68a8eca484c75455ad3cce3345678b2e11b05e891b688497f44bfdc64000a0964c4c86c6040db11fe0138b8af02f1cc27ab20e1b9c30f417321d7f3694d6d9

    Score
    10/10
    evasionpersistencenjrattrojan

    • njRAT/Bladabindi

      Widely used RAT written in .NET.

      trojannjrat

    • Modifies Windows Firewall

      evasion

    • Drops startup file

    • Adds Run key to start application

      persistence
    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Modify Existing Service

1
T1031

Registry Run Keys / Startup Folder

1
T1060

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks