Overview

overview

10

Static

static

c7359c4c21...f7.exe

windows7_x64

10

c7359c4c21...f7.exe

windows10-2004_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    c7359c4c21dc4ebc1ebc15c6b555d615009ce0c4cee040bc51f579b8e240a3f7

  • Size

    144KB

  • Sample

    220630-wyk8caffcr

  • MD5

    246dae845a64baedbdf28b4808d143fe

  • SHA1

    7d0922cee3a00006296da8ec44d26973ac9f7607

  • SHA256

    c7359c4c21dc4ebc1ebc15c6b555d615009ce0c4cee040bc51f579b8e240a3f7

  • SHA512

    b87dcfe01566f7d357447257db084720f4d2793d33d69ab4346fc1358a2074983f4c4f56030e24a5d42b35119864ea6080cc9b323a6a0a9c703045c017e79bb4

Score
10/10
njratabevasionpersistencetrojan

Malware Config

Extracted

Family

njrat

Version

im523

Botnet

AB

C2

192.168.1.205,91.224.132.173,91.224.132.173,192.168.1.205:5553

Mutex

b0fcade127d50dda11e85f8a467d7a02

Attributes
  • reg_key

    b0fcade127d50dda11e85f8a467d7a02

  • splitter

    |'|'|

Targets

    • Target

      c7359c4c21dc4ebc1ebc15c6b555d615009ce0c4cee040bc51f579b8e240a3f7

    • Size

      144KB

    • MD5

      246dae845a64baedbdf28b4808d143fe

    • SHA1

      7d0922cee3a00006296da8ec44d26973ac9f7607

    • SHA256

      c7359c4c21dc4ebc1ebc15c6b555d615009ce0c4cee040bc51f579b8e240a3f7

    • SHA512

      b87dcfe01566f7d357447257db084720f4d2793d33d69ab4346fc1358a2074983f4c4f56030e24a5d42b35119864ea6080cc9b323a6a0a9c703045c017e79bb4

    Score
    10/10
    njratabevasionpersistencetrojan

    • njRAT/Bladabindi

      Widely used RAT written in .NET.

      trojannjrat

    • Executes dropped EXE

    • Modifies Windows Firewall

      evasion

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Drops startup file

    • Loads dropped DLL

    • Adds Run key to start application

      persistence
    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Modify Existing Service

1
T1031

Registry Run Keys / Startup Folder

1
T1060

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Query Registry

1
T1012

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks