Overview

overview

10

Static

static

b9816004cc...aa.exe

windows7-x64

10

b9816004cc...aa.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    b9816004cc425eab5931e6c8cdf529925395cefe0ea70e012c14e15b87d8e4aa

  • Size

    289KB

  • Sample

    221001-178r8abagj

  • MD5

    61515ba9633ff41d3fa44d5ff837c460

  • SHA1

    83623fc4699e3ea9b628d1f9a5f4cdd7426c36b8

  • SHA256

    b9816004cc425eab5931e6c8cdf529925395cefe0ea70e012c14e15b87d8e4aa

  • SHA512

    234438c585b175f5d743e30692888591ea3a1a5d2b59e1e75dd49fe44173656f1bddee85b31fa27dad95f541f958f0b2f89d36b74d63de88bc683f0d68126a1f

  • SSDEEP

    3072:FB/o6kBWW71YYd9mE6qTW59cbX/lqmqb/9kdR4cBtVIzKkes5RPdmDwgd4Ujepq0:Y/BC5

Score
10/10
njrathackedevasionpersistencetrojan

Malware Config

Extracted

Family

njrat

Version

0.6.4

Botnet

HACKED

C2

hasniimed.no-ip.biz:1177

Mutex

9e07d5f15e8eb1f15f646580801c5439

Attributes
  • reg_key

    9e07d5f15e8eb1f15f646580801c5439

  • splitter

    |'|'|

Targets

    • Target

      b9816004cc425eab5931e6c8cdf529925395cefe0ea70e012c14e15b87d8e4aa

    • Size

      289KB

    • MD5

      61515ba9633ff41d3fa44d5ff837c460

    • SHA1

      83623fc4699e3ea9b628d1f9a5f4cdd7426c36b8

    • SHA256

      b9816004cc425eab5931e6c8cdf529925395cefe0ea70e012c14e15b87d8e4aa

    • SHA512

      234438c585b175f5d743e30692888591ea3a1a5d2b59e1e75dd49fe44173656f1bddee85b31fa27dad95f541f958f0b2f89d36b74d63de88bc683f0d68126a1f

    • SSDEEP

      3072:FB/o6kBWW71YYd9mE6qTW59cbX/lqmqb/9kdR4cBtVIzKkes5RPdmDwgd4Ujepq0:Y/BC5

    Score
    10/10
    njrathackedevasionpersistencetrojan

    • njRAT/Bladabindi

      Widely used RAT written in .NET.

      trojannjrat

    • Executes dropped EXE

    • Modifies Windows Firewall

      evasion

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Loads dropped DLL

    • Adds Run key to start application

      persistence

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Modify Existing Service

1
T1031

Registry Run Keys / Startup Folder

1
T1060

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Query Registry

1
T1012

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks