Overview

overview

10

Static

static

b16945da30...78.exe

windows7-x64

10

b16945da30...78.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    b16945da30d28760d111a30d1461fa4cb548d3febedd0447e82f2799b8912178

  • Size

    868KB

  • Sample

    221002-l85pmaaga2

  • MD5

    6344136916735c417ffd49606be4aea0

  • SHA1

    246bec05170515feaf08a88387beb78fe3d01df4

  • SHA256

    b16945da30d28760d111a30d1461fa4cb548d3febedd0447e82f2799b8912178

  • SHA512

    a9bce68c621d5f9affe355c2048cd4b48cc32fefc462aecae676e3ab4b3ea9fdc24f1f94400c8b4ea8a3d2f86e399916788a970ac23aa15b674236e5c26b4009

  • SSDEEP

    24576:c1NRQ0/S7A5SkvNYxllTRS/wibJ482oNrt27EF:c1NQMSdxNSlbN2M4C

Score
10/10
njrathackedevasionpersistencetrojan

Malware Config

Extracted

Family

njrat

Version

0.6.4

Botnet

HacKed

C2

mosa15.zapto.org:15

Mutex

db202f2d0c993a02c48604d33df7e68f

Attributes
  • reg_key

    db202f2d0c993a02c48604d33df7e68f

  • splitter

    |'|'|

Targets

    • Target

      b16945da30d28760d111a30d1461fa4cb548d3febedd0447e82f2799b8912178

    • Size

      868KB

    • MD5

      6344136916735c417ffd49606be4aea0

    • SHA1

      246bec05170515feaf08a88387beb78fe3d01df4

    • SHA256

      b16945da30d28760d111a30d1461fa4cb548d3febedd0447e82f2799b8912178

    • SHA512

      a9bce68c621d5f9affe355c2048cd4b48cc32fefc462aecae676e3ab4b3ea9fdc24f1f94400c8b4ea8a3d2f86e399916788a970ac23aa15b674236e5c26b4009

    • SSDEEP

      24576:c1NRQ0/S7A5SkvNYxllTRS/wibJ482oNrt27EF:c1NQMSdxNSlbN2M4C

    Score
    10/10
    njrathackedevasionpersistencetrojan

    • njRAT/Bladabindi

      Widely used RAT written in .NET.

      trojannjrat

    • Executes dropped EXE

    • Modifies Windows Firewall

      evasion

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Loads dropped DLL

    • Adds Run key to start application

      persistence
    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Modify Existing Service

1
T1031

Registry Run Keys / Startup Folder

1
T1060

Privilege Escalation

Defense Evasion

Modify Registry

2
T1112

Credential Access

Discovery

Query Registry

1
T1012

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks