General

  • Target

    0x0008000000012699-64.dat

  • Size

    37KB

  • Sample

    220706-2hp49acbd4

  • MD5

    333baef68bf06e2bff8c785f9120559d

  • SHA1

    b605cc35ec178240b1150a81d73e58d1d9417bac

  • SHA256

    4d62a9ab6abeeafd08fc299581c0910c36ccf64178c16fc06b4a57a48858e1d4

  • SHA512

    0ba29d931b3166c4d334cd45f02cc053efbe2f1db3dc844a43e8f9b12a6efea3d73d45d49ab048fdd7b21495b8bbe1929b560ead99890d88f02b99fda186c1cc

Malware Config

Extracted

  • Family

    njrat

  • Version

    im523

  • Botnet

    HacKed

  • C2

    51.89.91.139:5050

  • Mutex

    5db0afc818875fbd9be3e842f2d3f24b

  • Attributes

    reg_key: 5db0afc818875fbd9be3e842f2d3f24b
    splitter: |'|'|
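
The configuration above is enough to decode this sample's C2 traffic. The following is an added example, not part of the sandbox report: it frames raw client-to-server bytes using njRAT's known convention (ASCII decimal length, a NUL byte, then the payload), splits each payload on the extracted splitter, and picks out the "ll" registration beacon that the Suricata signature further down is named after. The sample stream is constructed; the order of fields after the "ll" command only approximates a real beacon and the "inf" follow-up message is made up, as is the victim serial.

```python
import base64
from dataclasses import dataclass

# Values taken from the extracted config above.
SPLITTER = b"|'|'|"           # field separator inside each C2 message
BOTNET = "HacKed"             # campaign tag; njRAT prefixes the victim ID with it
C2 = ("51.89.91.139", 5050)   # the C2 the sample beacons to


@dataclass
class NjRatMessage:
    command: str
    fields: list


def frame_messages(stream: bytes):
    """Split raw client->server bytes into njRAT payloads.

    njRAT frames each message as <ASCII decimal length> NUL <payload>.
    Returns (payloads, remainder); the remainder is a trailing partial
    frame that a stream-based detector must carry into the next segment
    instead of discarding it.
    """
    payloads = []
    pos = 0
    while pos < len(stream):
        nul = stream.find(b"\x00", pos)
        if nul == -1:
            break                                   # no complete length prefix yet
        length_text = stream[pos:nul]
        if not length_text.isdigit():
            raise ValueError(f"bad length prefix at offset {pos}: {length_text!r}")
        start, end = nul + 1, nul + 1 + int(length_text)
        if end > len(stream):
            break                                   # body not fully received
        payloads.append(stream[start:end])
        pos = end
    return payloads, stream[pos:]


def parse_message(payload: bytes, splitter: bytes = SPLITTER) -> NjRatMessage:
    """First splitter-delimited token is the command, the rest are arguments."""
    parts = [p.decode("latin-1") for p in payload.split(splitter)]
    return NjRatMessage(parts[0], parts[1:])


def is_registration_beacon(msg: NjRatMessage, botnet: str = BOTNET) -> bool:
    """The 'll' command is the client's initial registration; its first
    argument is the victim ID, "<botnet>_<volume serial>"."""
    return msg.command == "ll" and bool(msg.fields) and msg.fields[0].startswith(botnet + "_")


def decode_window_title(msg: NjRatMessage) -> str:
    """The active-window title rides in the beacon base64-encoded (the field
    index follows the constructed layout below, an assumption)."""
    return base64.b64decode(msg.fields[9]).decode("latin-1")


def build_frame(*fields: bytes) -> bytes:
    """Encode one message the way the client does (used to build sample data)."""
    payload = SPLITTER.join(fields)
    return str(len(payload)).encode() + b"\x00" + payload


# Constructed stream: a registration beacon, a made-up follow-up message, and
# a truncated third frame, as a capture split mid-message would look.
SAMPLE_STREAM = (
    build_frame(b"ll", b"HacKed_5F3A9C21", b"DESKTOP-7Q2", b"alice", b"22-07-06",
                b"", b"Win 10 Pro SP0 x64", b"No", b"im523", b"..",
                base64.b64encode(b"Untitled - Notepad"), b"")
    + build_frame(b"inf", b"HacKed_5F3A9C21")
    + b"42\x00partial"
)


def analyze(stream: bytes = SAMPLE_STREAM):
    payloads, remainder = frame_messages(stream)
    messages = [parse_message(p) for p in payloads]
    beacons = [m for m in messages if is_registration_beacon(m)]
    return messages, beacons, remainder


if __name__ == "__main__":
    messages, beacons, remainder = analyze()
    for b in beacons:
        print(f"registration from {b.fields[0]} ({b.fields[1]}\\{b.fields[2]}), "
              f"window={decode_window_title(b)!r}, C2={C2[0]}:{C2[1]}")
    print(f"{len(messages)} complete frames, {len(remainder)} bytes pending")
```

The splitter is the most stable part of an njRAT build and is what generic network signatures key on; the C2 address and port change per campaign, so a detector that only matches 51.89.91.139:5050 will miss the next build from the same operator.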

Targets

    • Target

      0x0008000000012699-64.dat

    • Size

      37KB

    • MD5

      333baef68bf06e2bff8c785f9120559d

    • SHA1

      b605cc35ec178240b1150a81d73e58d1d9417bac

    • SHA256

      4d62a9ab6abeeafd08fc299581c0910c36ccf64178c16fc06b4a57a48858e1d4

    • SHA512

      0ba29d931b3166c4d334cd45f02cc053efbe2f1db3dc844a43e8f9b12a6efea3d73d45d49ab048fdd7b21495b8bbe1929b560ead99890d88f02b99fda186c1cc

    • njRAT/Bladabindi

      Widely used RAT written in .NET.

    • suricata: ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)

    • Executes dropped EXE

    • Modifies Windows Firewall

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Drops startup file

    • Loads dropped DLL

    • Adds Run key to start application

    • Drops autorun.inf file

      Malware can abuse Windows Autorun to spread further via attached volumes.
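
The signatures above translate into a short list of host artifacts worth checking on any machine that talked to the C2. The following is an added example, not part of the sandbox report: it runs a triage pass over constructed Sysmon-style events (registry value set, process create, file create) and flags the behaviours listed above, using the extracted reg_key as the Run-key value name. The netsh command shape is the legacy syntax njRAT is known to use and is assumed here; the report itself only records that the firewall was modified. The SID, hostname and paths in the events are made up.

```python
import re

# Value taken from the extracted config above: the same hash is used as the
# mutex name and as the Run-key value name, which makes it a clean host pivot.
REG_KEY = "5db0afc818875fbd9be3e842f2d3f24b"

RUN_KEY = "\\software\\microsoft\\windows\\currentversion\\run\\"
STARTUP_DIR = "\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\startup\\"
# Assumed command shape for the firewall exception (legacy netsh syntax).
NETSH_FW = re.compile(r"\bnetsh\s+firewall\s+add\s+allowedprogram\b", re.I)
AUTORUN_AT_ROOT = re.compile(r"^[a-z]:\\autorun\.inf$")

# Constructed Sysmon-style events (not from the sandbox run).
EVENTS = [
    {"type": "RegistryValueSet",
     "target": r"HKU\S-1-5-21-1111111111-2222222222-3333333333-1001\Software\Microsoft\Windows\CurrentVersion\Run\5db0afc818875fbd9be3e842f2d3f24b"},
    {"type": "RegistryValueSet",
     "target": r"HKU\S-1-5-21-1111111111-2222222222-3333333333-1001\Software\Microsoft\Windows\CurrentVersion\Run\OneDrive"},
    {"type": "ProcessCreate",
     "command_line": r'netsh firewall add allowedprogram "C:\Users\alice\AppData\Roaming\svchost.exe" "svchost.exe" ENABLE'},
    {"type": "ProcessCreate",
     "command_line": "netsh interface show interface"},
    {"type": "FileCreate",
     "target": r"C:\Users\alice\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\5db0afc818875fbd9be3e842f2d3f24b.exe"},
    {"type": "FileCreate", "target": r"E:\autorun.inf"},
    {"type": "FileCreate", "target": r"C:\Users\alice\Downloads\autorun.inf"},
]


def triage(events, reg_key=REG_KEY):
    """Return (rule, evidence) pairs for events matching the sample's
    persistence, firewall and removable-media behaviours."""
    hits = []
    for ev in events:
        kind = ev["type"]
        if kind == "RegistryValueSet":
            path = ev["target"].lower()
            # Run-key value whose name is the configured reg_key
            if RUN_KEY in path and path.rsplit("\\", 1)[-1] == reg_key.lower():
                hits.append(("run_key_persistence", ev["target"]))
        elif kind == "ProcessCreate":
            if NETSH_FW.search(ev["command_line"]):
                hits.append(("firewall_exception", ev["command_line"]))
        elif kind == "FileCreate":
            path = ev["target"].lower()
            if STARTUP_DIR in path:
                hits.append(("startup_folder_drop", ev["target"]))
            elif AUTORUN_AT_ROOT.match(path):
                # Only a volume-root autorun.inf is a spreading vector (T1091);
                # a copy in a user folder is just a dropped file.
                hits.append(("autorun_inf", ev["target"]))
    return hits


if __name__ == "__main__":
    for rule, evidence in triage(EVENTS):
        print(f"{rule:22} {evidence}")
```

A benign Run-key write and an unrelated netsh invocation are included so the matcher demonstrably does not fire on them; in a real hunt the reg_key value name and the mutex are the two indicators that survive a change of C2.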

MITRE ATT&CK Matrix (ATT&CK v6)

Technique (ID): number of matching signatures

  • Initial Access

    Replication Through Removable Media (T1091): 1

  • Persistence

    Modify Existing Service (T1031): 1
    Registry Run Keys / Startup Folder (T1060): 1

  • Defense Evasion

    Modify Registry (T1112): 1

  • Discovery

    Query Registry (T1012): 1
    System Information Discovery (T1082): 2

  • Lateral Movement

    Replication Through Removable Media (T1091): 1

Tasks