Overview

overview

10

Static

static

10

dllhost.exe

windows7_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    dllhost.exe

  • Size

    93KB

  • Sample

    220613-xpfryaedf3

  • MD5

    475aaede20d0e0de3c6e6589f7d2743e

  • SHA1

    3454f920325b22d7293fdd50e0b97bbc4c8f9a05

  • SHA256

    9a601d190647482c1631ca2c94341f1e98719cb2c1a0c36a57d98d46a386711d

  • SHA512

    84cf48dd1bfe10e53ba61feab37cd806fea13604894b42253a7aacfc84328a9687ba86f2956983aabbc7bace9adad92a0fb3fbbfab6f27bcee072b4695f2ae11

Score
10/10
njratmediagetevasionsuricatatrojan

Malware Config

Extracted

Family

njrat

Version

0.7d

Botnet

MediaGet

C2

OTFRANSESCOuOTkuFRANSESCOTA0Ljk2:MTc1MjQ=

Mutex

e16ca4b3ba16d929041c508a1cd98a13

Attributes
  • reg_key

    e16ca4b3ba16d929041c508a1cd98a13

  • splitter

    |'|'|

Targets

    • Target

      dllhost.exe

    • Size

      93KB

    • MD5

      475aaede20d0e0de3c6e6589f7d2743e

    • SHA1

      3454f920325b22d7293fdd50e0b97bbc4c8f9a05

    • SHA256

      9a601d190647482c1631ca2c94341f1e98719cb2c1a0c36a57d98d46a386711d

    • SHA512

      84cf48dd1bfe10e53ba61feab37cd806fea13604894b42253a7aacfc84328a9687ba86f2956983aabbc7bace9adad92a0fb3fbbfab6f27bcee072b4695f2ae11

    Score
    10/10
    njratmediagetevasionsuricatatrojan

    • njRAT/Bladabindi

      Widely used RAT written in .NET.

      trojannjrat

    • suricata: ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)

      suricata: ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)

      suricata

    • Executes dropped EXE

    • Modifies Windows Firewall

      evasion

    • Drops startup file

    • Drops file in System32 directory

    behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Modify Existing Service

1
T1031

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks