Overview

overview

10

Static

static

10

0x000b0000...61.exe

windows7-x64

10

0x000b0000...61.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    0x000b000000012315-61.dat

  • Size

    23KB

  • Sample

    220928-276hjaadeq

  • MD5

    142313d7733b824409a828920e97ace1

  • SHA1

    12f6be17f7d109e70e10d787203ee3ce501b4ea3

  • SHA256

    2ff87e3a4ca06c7e160524b391317b7a9d824eb3ee239651bcf7bf413dd45336

  • SHA512

    88d87acb4cf5e85e1753472fccad7105647680d5cc29de628617361ada32cf635b1dc95745e1aba72070301419a77b16b5268b855c4d1b721405d292909750c7

  • SSDEEP

    384:O8aLWS0dABLYVq6RxP8MDFF09vK563gRMmJKUv0mRvR6JZlbw8hqIusZzZK9:BXcwt3tRpcnu1

Score
10/10
njrathackedevasionpersistencetrojan

Malware Config

Extracted

Family

njrat

Version

0.7d

Botnet

HacKed

C2

2.tcp.ngrok.io:14402

Mutex

5cb3161ea3511d9f5e42e30a884c6964

Attributes
  • reg_key

    5cb3161ea3511d9f5e42e30a884c6964

  • splitter

    |'|'|

Targets

    • Target

      0x000b000000012315-61.dat

    • Size

      23KB

    • MD5

      142313d7733b824409a828920e97ace1

    • SHA1

      12f6be17f7d109e70e10d787203ee3ce501b4ea3

    • SHA256

      2ff87e3a4ca06c7e160524b391317b7a9d824eb3ee239651bcf7bf413dd45336

    • SHA512

      88d87acb4cf5e85e1753472fccad7105647680d5cc29de628617361ada32cf635b1dc95745e1aba72070301419a77b16b5268b855c4d1b721405d292909750c7

    • SSDEEP

      384:O8aLWS0dABLYVq6RxP8MDFF09vK563gRMmJKUv0mRvR6JZlbw8hqIusZzZK9:BXcwt3tRpcnu1

    Score
    10/10
    njrathackedevasionpersistencetrojan

    • njRAT/Bladabindi

      Widely used RAT written in .NET.

      trojannjrat

    • Executes dropped EXE

    • Modifies Windows Firewall

      evasion

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Drops startup file

    • Loads dropped DLL

    • Adds Run key to start application

      persistence
    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Modify Existing Service

1
T1031

Registry Run Keys / Startup Folder

1
T1060

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Query Registry

1
T1012

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks