Overview

overview

10

Static

static

1c4cbc9751...20.exe

windows7_x64

10

1c4cbc9751...20.exe

windows10-2004_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    1c4cbc97513c9af8e9ebcb8ea131fe53f73705478ba9e548c8efa6479a44c920

  • Size

    92KB

  • Sample

    220630-vs3d1adefp

  • MD5

    8abf1023307b352cb84c0fcbfad37e12

  • SHA1

    42ce68671085b008a05707a2f400a59521a97695

  • SHA256

    1c4cbc97513c9af8e9ebcb8ea131fe53f73705478ba9e548c8efa6479a44c920

  • SHA512

    9a1b490220dccd74e6130373b28b4167551581b21b603db3410a632f378f4c0761ffd6ecbe91eef7fe5e6cab4347322875e7ed689efdde442e2089b690331885

Score
10/10
njrathacked by 7alimevasionpersistencetrojan

Malware Config

Extracted

Family

njrat

Version

0.7d

Botnet

HacKed by 7alim

C2

spamerdz9161.hopto.org:53

Mutex

e2423738f167cfb0cdd3e8eff3fc2c4d

Attributes
  • reg_key

    e2423738f167cfb0cdd3e8eff3fc2c4d

  • splitter

    |'|'|

Targets

    • Target

      1c4cbc97513c9af8e9ebcb8ea131fe53f73705478ba9e548c8efa6479a44c920

    • Size

      92KB

    • MD5

      8abf1023307b352cb84c0fcbfad37e12

    • SHA1

      42ce68671085b008a05707a2f400a59521a97695

    • SHA256

      1c4cbc97513c9af8e9ebcb8ea131fe53f73705478ba9e548c8efa6479a44c920

    • SHA512

      9a1b490220dccd74e6130373b28b4167551581b21b603db3410a632f378f4c0761ffd6ecbe91eef7fe5e6cab4347322875e7ed689efdde442e2089b690331885

    Score
    10/10
    njrathacked by 7alimevasionpersistencetrojan

    • njRAT/Bladabindi

      Widely used RAT written in .NET.

      trojannjrat

    • Executes dropped EXE

    • Modifies Windows Firewall

      evasion

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Loads dropped DLL

    • Adds Run key to start application

      persistence
    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Modify Existing Service

1
T1031

Registry Run Keys / Startup Folder

1
T1060

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Query Registry

1
T1012

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks