Overview

overview

10

Static

static

10

Black Adam (2022).exe

windows7_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    Black Adam (2022).exe

  • Size

    37KB

  • Sample

    220712-qtvckafah6

  • MD5

    1f60289917bb553067c148fd238b24a5

  • SHA1

    9540097003c4586b5e5de3103dd7a473b33398e9

  • SHA256

    4c8b3ba90bc41a271d9c24139d39728c469112945f413fdc368338f39b7be356

  • SHA512

    9f047b3be3c30924d688ed2160b8ec6c655dd6da579164e69368b754d607aa2ab4b432d3603e70af0dffe1ecf20be876d146b0f124998d88876b15ec54544118

Score
10/10
njratлошокevasionpersistencetrojan

Malware Config

Extracted

Family

njrat

Version

im523

Botnet

Лошок

C2

194.71.126.120:17954

Mutex

13d65a76848c880b980676c6c1cc6341

Attributes
  • reg_key

    13d65a76848c880b980676c6c1cc6341

  • splitter

    |'|'|

Targets

    • Target

      Black Adam (2022).exe

    • Size

      37KB

    • MD5

      1f60289917bb553067c148fd238b24a5

    • SHA1

      9540097003c4586b5e5de3103dd7a473b33398e9

    • SHA256

      4c8b3ba90bc41a271d9c24139d39728c469112945f413fdc368338f39b7be356

    • SHA512

      9f047b3be3c30924d688ed2160b8ec6c655dd6da579164e69368b754d607aa2ab4b432d3603e70af0dffe1ecf20be876d146b0f124998d88876b15ec54544118

    Score
    10/10
    njratлошокevasionpersistencetrojan

    • njRAT/Bladabindi

      Widely used RAT written in .NET.

      trojannjrat

    • Executes dropped EXE

    • Modifies Windows Firewall

      evasion

    • Drops startup file

    • Adds Run key to start application

      persistence
    behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Modify Existing Service

1
T1031

Registry Run Keys / Startup Folder

1
T1060

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks