Overview

overview

10

Static

static

10

c47b12eef2...cb.exe

windows7_x64

10

c47b12eef2...cb.exe

windows10-2004_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    c47b12eef22b3634c0757a9012eed2cb.exe

  • Size

    37KB

  • Sample

    220531-aawtaabehq

  • MD5

    c47b12eef22b3634c0757a9012eed2cb

  • SHA1

    906c940fc31587d5b9c3e144f633506e99c92649

  • SHA256

    f048700ad1b8f6ef08a228f88c5f0ae60b5b8a75ff42ea1587a0865142ef87fc

  • SHA512

    91676965e494d976be7a539c8671b97b4ccb7898651a53f59e9d43b7620695941e4ccbdde0da7eb6c8844992250061cb63f5e570f16030f3c5544ed37dcc2e47

Score
10/10
njratbotevasionpersistencesuricata

Malware Config

Extracted

Family

njrat

Version

im523

Botnet

BOT

C2

2.tcp.eu.ngrok.io:15441

Mutex

88489d1083fd6ed1fecee39e01330c6c

Attributes
  • reg_key

    88489d1083fd6ed1fecee39e01330c6c

  • splitter

    |'|'|

Targets

    • Target

      c47b12eef22b3634c0757a9012eed2cb.exe

    • Size

      37KB

    • MD5

      c47b12eef22b3634c0757a9012eed2cb

    • SHA1

      906c940fc31587d5b9c3e144f633506e99c92649

    • SHA256

      f048700ad1b8f6ef08a228f88c5f0ae60b5b8a75ff42ea1587a0865142ef87fc

    • SHA512

      91676965e494d976be7a539c8671b97b4ccb7898651a53f59e9d43b7620695941e4ccbdde0da7eb6c8844992250061cb63f5e570f16030f3c5544ed37dcc2e47

    Score
    10/10
    evasionpersistencesuricata

    • suricata: ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)

      suricata: ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)

      suricata

    • Modifies Windows Firewall

      evasion

    • Drops startup file

    • Adds Run key to start application

      persistence
    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Modify Existing Service

1
T1031

Registry Run Keys / Startup Folder

1
T1060

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks