Overview

overview

10

Static

static

46715abb1e...a1.exe

windows7_x64

10

46715abb1e...a1.exe

windows10-2004_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    46715abb1e5a7ea1409b29d6fea42c45ce0dfb6c40085a07cab428c78a44a4a1

  • Size

    305KB

  • Sample

    220707-kn1dqsbeh5

  • MD5

    f901b42116f1f8a52cc3abe6d8181135

  • SHA1

    09e6a2744d998d2a9d72c164998a19ba2638c3c6

  • SHA256

    46715abb1e5a7ea1409b29d6fea42c45ce0dfb6c40085a07cab428c78a44a4a1

  • SHA512

    4bae619983e17b077575a6961a94a4d080cebbd44dda1e5369bbcab71d6837dc0e19c95e77fb7c7603db629f580aeab1aeb0dc597168f6ae852c50750cecced1

Score
10/10
njratadminevasiontrojan

Malware Config

Extracted

Family

njrat

Version

0.7d

Botnet

Admin

C2

n1313.publicvm.com:6686

Mutex

3e2ba6e27f6c302ca8093546541e02ce

Attributes
  • reg_key

    3e2ba6e27f6c302ca8093546541e02ce

  • splitter

    |'|'|

Targets

    • Target

      46715abb1e5a7ea1409b29d6fea42c45ce0dfb6c40085a07cab428c78a44a4a1

    • Size

      305KB

    • MD5

      f901b42116f1f8a52cc3abe6d8181135

    • SHA1

      09e6a2744d998d2a9d72c164998a19ba2638c3c6

    • SHA256

      46715abb1e5a7ea1409b29d6fea42c45ce0dfb6c40085a07cab428c78a44a4a1

    • SHA512

      4bae619983e17b077575a6961a94a4d080cebbd44dda1e5369bbcab71d6837dc0e19c95e77fb7c7603db629f580aeab1aeb0dc597168f6ae852c50750cecced1

    Score
    10/10
    njratadminevasiontrojan

    • njRAT/Bladabindi

      Widely used RAT written in .NET.

      trojannjrat

    • Modifies Windows Firewall

      evasion

    • Drops startup file

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Modify Existing Service

1
T1031

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks