General

  • Target

    Proxyscrape Key Generator By PJ.zip

  • Size

    443KB

  • Sample

    220910-pmw25sdggl

  • MD5

    28665db85ade8c567b864eec128f1568

  • SHA1

    ec3e43e93a43fe62ee2e174b3f1f71cddb459853

  • SHA256

    5ba35a47705257d5a509f8797836cb288e690b8b1af07de5d19cf0ac9d96ecf2

  • SHA512

    856b673533c43fcb7783fe41791084196628bbcf8cd7dfa87ec0be429d41fa1bcbb4d14eb7592fb1b1289df05f719ff5ac53a55a258444111663ec34afbb6471

  • SSDEEP

    6144:DSN3aFNQZZmiUqs27OjhLxhn5I5iM0crMeJHdeiM1aladK0A2vTqR45J+xr+IGyU:OaId+L/58iMTgiqWadFT245JGwyATv7P

Malware Config

Extracted

  • Family

    njrat

  • Version

    0.7d

  • Botnet

    HacKed

  • C2

    blog.hackcrack.io:8081

  • Mutex

    ca86f672d0ce2b751cd00487354a1da0

  • Attributes

    • reg_key

      ca86f672d0ce2b751cd00487354a1da0

    • splitter

      |'|'|

Targets

    • Target

      Password.txt

    • Size

      21B

    • MD5

      bc3b330126c0cce1d76732346804ceff

    • SHA1

      72b5e61a1121588460474d8be9a8962835826cbc

    • SHA256

      acbd16c46b5f37ef33bc01c249e9095b72af7dbc9e9cd878a7de511551c18ba8

    • SHA512

      d0af81d2619aceda4f57dc4ad460e348c70c22ab2171624539feaa4d69a3ba3f09789ddc798a85a2c2312bd062691d8006fe7d919a1b27a6ac81e5989512b3e2

    • Score

      1/10

    • Target

      Proxyscrape Key Generator By PJ/Bunifu_UI_v1.5.3.dll

    • Size

      236KB

    • MD5

      2ecb51ab00c5f340380ecf849291dbcf

    • SHA1

      1a4dffbce2a4ce65495ed79eab42a4da3b660931

    • SHA256

      f1b3e0f2750a9103e46a6a4a34f1cf9d17779725f98042cc2475ec66484801cf

    • SHA512

      e241a48eafcaf99187035f0870d24d74ae97fe84aaadd2591cceea9f64b8223d77cfb17a038a58eadd3b822c5201a6f7494f26eea6f77d95f77f6c668d088e6b

    • SSDEEP

      6144:SIQpxILDXGGMO7Ice9C5kQw2hWHcHTykhb:SIQpxILDXGGlET9n/cHG

    • Score

      1/10

    • Target

      Proxyscrape Key Generator By PJ/Proxyscrape Key Generator.exe

    • Size

      961KB

    • MD5

      87209c33773be8965c3a1a81387c5e99

    • SHA1

      d9ca7002529e6cc4ff246b0caa2588f58153415d

    • SHA256

      b6f59af79ed2d64cb69d8c66fead974f5b73c66ddfa4e9dd0db7e33a1b7a51a8

    • SHA512

      8b4871009b83e27eb73104531c4bdac24f3f99146feddf1289f0683421699f961deffb7bf0497d1314252023bb0d4bd9636c53c064f4d80813d32a54ab56d1da

    • SSDEEP

      6144:nUSUpHEa0jT7M7eJYsECpHHJjX4pLEBpBSKwTO/ANtL57u2A6z93g67ws8atQ73Q:IaJzYonlwTOOD7GCQEwraNZdevKwg9P

    • njRAT/Bladabindi

      Widely used RAT written in .NET.

    • Executes dropped EXE

    • Modifies Windows Firewall

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Adds Run key to start application

    • Drops desktop.ini file(s)

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix (ATT&CK v6)

  • Persistence

    • Modify Existing Service (T1031): 1

    • Registry Run Keys / Startup Folder (T1060): 1

  • Defense Evasion

    • Modify Registry (T1112): 1

  • Discovery

    • Query Registry (T1012): 1

    • System Information Discovery (T1082): 2

Tasks