Overview

overview

10

Static

static

10

b46fc12074...a9.exe

windows7-x64

10

b46fc12074...a9.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    b46fc12074f307eab9675a25fb781fbe401425a8dd57293b49e983ad94424ba9

  • Size

    23KB

  • Sample

    221002-2n4jtsdhc6

  • MD5

    67acdbca7c72d3969a549c414d18d630

  • SHA1

    28bb308476aa7b3f6ac8d5299a0e70bcb8b5dcfc

  • SHA256

    b46fc12074f307eab9675a25fb781fbe401425a8dd57293b49e983ad94424ba9

  • SHA512

    5e284da79589178d6e62c2863e611cb8ac6b4bde653613bf5f227a5f9a59e29dc4c4fe9bc3a438ed4580538bda0d768a66e048f3bd4b6577bc79ad6472e328a7

  • SSDEEP

    384:rcqbCK0l4h7o9SVyDGvENuh46/gJkOmMSW38mRvR6JZlbw8hqIusZzZaR:w30py6vhxaRpcnuB

Score
10/10
njrathackedevasionpersistencetrojan

Malware Config

Extracted

Family

njrat

Version

0.7d

Botnet

HacKed

C2

riad1.no-ip.biz:1177

Mutex

5715416fef0cb3c7ac9c48f716dce43b

Attributes
  • reg_key

    5715416fef0cb3c7ac9c48f716dce43b

  • splitter

    |'|'|

Targets

    • Target

      b46fc12074f307eab9675a25fb781fbe401425a8dd57293b49e983ad94424ba9

    • Size

      23KB

    • MD5

      67acdbca7c72d3969a549c414d18d630

    • SHA1

      28bb308476aa7b3f6ac8d5299a0e70bcb8b5dcfc

    • SHA256

      b46fc12074f307eab9675a25fb781fbe401425a8dd57293b49e983ad94424ba9

    • SHA512

      5e284da79589178d6e62c2863e611cb8ac6b4bde653613bf5f227a5f9a59e29dc4c4fe9bc3a438ed4580538bda0d768a66e048f3bd4b6577bc79ad6472e328a7

    • SSDEEP

      384:rcqbCK0l4h7o9SVyDGvENuh46/gJkOmMSW38mRvR6JZlbw8hqIusZzZaR:w30py6vhxaRpcnuB

    Score
    10/10
    njrathackedevasionpersistencetrojan

    • njRAT/Bladabindi

      Widely used RAT written in .NET.

      trojannjrat

    • Executes dropped EXE

    • Modifies Windows Firewall

      evasion

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Drops startup file

    • Adds Run key to start application

      persistence
    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Modify Existing Service

1
T1031

Registry Run Keys / Startup Folder

1
T1060

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Query Registry

1
T1012

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks