Overview

overview

10

Static

static

450febf90b...9f.exe

windows7_x64

10

450febf90b...9f.exe

windows10-2004_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    450febf90bdbd1c1753c10d084423db4578c8f30c0719b46baa3e887b561319f

  • Size

    70KB

  • Sample

    220707-vt4cpacddl

  • MD5

    5b5b6acfff94ab2ea7d2aafd9983a353

  • SHA1

    34716ede5cfa268ce7c11f45cfaf3a28b28bdf94

  • SHA256

    450febf90bdbd1c1753c10d084423db4578c8f30c0719b46baa3e887b561319f

  • SHA512

    b0bfb9730de9ae9cea8982530f4ee7c90a38c4bd6f7472d72ee91ee002e6fd0d65e00090e21fa4858c99996c468530565213768f276fcdafe96f23429525ee2f

Score
10/10
njratfacebook program 2evasionpersistencetrojan

Malware Config

Extracted

Family

njrat

Version

0.7d

Botnet

facebook program 2

C2

bigassfuck.no-ip.biz:5552

Mutex

a493ae23d7d17afc69abe7c9d6854f5d

Attributes
  • reg_key

    a493ae23d7d17afc69abe7c9d6854f5d

  • splitter

    |'|'|

Targets

    • Target

      450febf90bdbd1c1753c10d084423db4578c8f30c0719b46baa3e887b561319f

    • Size

      70KB

    • MD5

      5b5b6acfff94ab2ea7d2aafd9983a353

    • SHA1

      34716ede5cfa268ce7c11f45cfaf3a28b28bdf94

    • SHA256

      450febf90bdbd1c1753c10d084423db4578c8f30c0719b46baa3e887b561319f

    • SHA512

      b0bfb9730de9ae9cea8982530f4ee7c90a38c4bd6f7472d72ee91ee002e6fd0d65e00090e21fa4858c99996c468530565213768f276fcdafe96f23429525ee2f

    Score
    10/10
    njratfacebook program 2evasionpersistencetrojan

    • njRAT/Bladabindi

      Widely used RAT written in .NET.

      trojannjrat

    • Executes dropped EXE

    • Modifies Windows Firewall

      evasion

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Loads dropped DLL

    • Adds Run key to start application

      persistence
    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Modify Existing Service

1
T1031

Registry Run Keys / Startup Folder

1
T1060

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Query Registry

1
T1012

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks