General

  • Target

    BlazingPackLauncher.bin

  • Size

    27KB

  • Sample

    220707-vypebscfbk

  • MD5

    4e6257378e1a8c3e6342d5536cf1c7c5

  • SHA1

    e2b05f484e86a325ab8f97b7c56dcb54aa235e53

  • SHA256

    f644a893d8011489f48ca271be1a4cf0ce24aad62fb3173284075c51ad13f3c0

  • SHA512

    cf4eceeda3c74579e258a20c70d3484b2d68c81584d688cef8766ebe1e7e6f4861dcadca41b6782f0e6717fb859401b5872f3c5e550572700584324b2c933417

Malware Config

Extracted

Family

njrat

Version

v4.0

Botnet

DosehHaker

C2

property-served.at.playit.gg:13426

Mutex

Windows Update

Attributes

  • reg_key

    Windows Update

  • splitter

    |-F-|

Targets

    • njRAT/Bladabindi

      Widely used RAT written in .NET.

    • suricata: ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)

    • NirSoft WebBrowserPassView

      Password recovery tool for various web browsers

    • Nirsoft

    • Executes dropped EXE

    • Modifies Windows Firewall

    • Deletes itself

    • Drops startup file

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Legitimate hosting services abused for malware hosting/C2

MITRE ATT&CK Matrix ATT&CK v6

  • Persistence

    Modify Existing Service (T1031): 1
    Hidden Files and Directories (T1158): 1

  • Defense Evasion

    Install Root Certificate (T1130): 1
    Modify Registry (T1112): 1
    Hidden Files and Directories (T1158): 1

  • Credential Access

    Credentials in Files (T1081): 1

  • Discovery

    System Information Discovery (T1082): 1
    Remote System Discovery (T1018): 1

  • Collection

    Data from Local System (T1005): 1

  • Command and Control

    Web Service (T1102): 1
