Overview

overview

10

Static

static

Desktop.exe

windows7_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    Desktop.exe

  • Size

    516KB

  • Sample

    220613-wdtnzseag6

  • MD5

    76ae0eca1c902efaeb09d2990f8ed33c

  • SHA1

    e1a0175371ab6f0fbff640b774bae4055c317ae4

  • SHA256

    87e69661b35f6833b236a1581e2b0d6b0d1a89947109004b7fcc0e02ea72b9dd

  • SHA512

    77e638753313c3b72135c4aa142d543422a3bf9ec02b8f2ef9f369cdf69d42df8d83a6a2e04f07eaf1134150c075f58a70675f3c4255d8841d73aa560a47ec1c

Score
10/10
njratmediagetpopkaevasionpersistencesuricatatrojan

Malware Config

Extracted

Family

njrat

Version

0.7d

Botnet

MediaGet

C2

OTFRANSESCOuOTkuFRANSESCOTA0Ljk2:MTc1MjQ=

Mutex

1571b5852404c7525e9ab9a97346d0fb

Attributes
  • reg_key

    1571b5852404c7525e9ab9a97346d0fb

  • splitter

    |'|'|

Extracted

Family

njrat

Version

im523

Botnet

popka

C2

185.204.1.236:8648

Mutex

73669228637201240c020112fc761ef3

Attributes
  • reg_key

    73669228637201240c020112fc761ef3

  • splitter

    |'|'|

Targets

    • Target

      Desktop.exe

    • Size

      516KB

    • MD5

      76ae0eca1c902efaeb09d2990f8ed33c

    • SHA1

      e1a0175371ab6f0fbff640b774bae4055c317ae4

    • SHA256

      87e69661b35f6833b236a1581e2b0d6b0d1a89947109004b7fcc0e02ea72b9dd

    • SHA512

      77e638753313c3b72135c4aa142d543422a3bf9ec02b8f2ef9f369cdf69d42df8d83a6a2e04f07eaf1134150c075f58a70675f3c4255d8841d73aa560a47ec1c

    Score
    10/10
    njratmediagetpopkaevasionpersistencesuricatatrojan

    • njRAT/Bladabindi

      Widely used RAT written in .NET.

      trojannjrat

    • suricata: ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)

      suricata: ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)

      suricata

    • suricata: ET MALWARE njrat ver 0.7d Malware CnC Callback (Remote Desktop)

      suricata: ET MALWARE njrat ver 0.7d Malware CnC Callback (Remote Desktop)

      suricata

    • suricata: ET MALWARE njrat ver 0.7d Malware CnC Callback Response (Remote Desktop)

      suricata: ET MALWARE njrat ver 0.7d Malware CnC Callback Response (Remote Desktop)

      suricata

    • Executes dropped EXE

    • Modifies Windows Firewall

      evasion

    • Drops startup file

    • Loads dropped DLL

    • Adds Run key to start application

      persistence

    • Drops file in System32 directory

    behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Modify Existing Service

1
T1031

Registry Run Keys / Startup Folder

1
T1060

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks