Overview

overview

10

Static

static

a14aa43eb0...ef.exe

windows7-x64

10

a14aa43eb0...ef.exe

windows10-2004-x64

1

Sharing

Copy URL
Twitter E-mail

General

  • Target

    a14aa43eb0b12222e7c53006ef394b1869bcc2183f382d8703a24de201ee6aef

  • Size

    184KB

  • Sample

    221002-pw6ypsgghl

  • MD5

    6d97276e6144da0b850904d915891200

  • SHA1

    7b5f6cb90e68259d86b40e3ed942dc18f5fe2cc7

  • SHA256

    a14aa43eb0b12222e7c53006ef394b1869bcc2183f382d8703a24de201ee6aef

  • SHA512

    a167d0b8e9c61d2c4d9d3840892d558152caa6ff12cdbef15c5d8b1b16ed65000bfea1d0237ac887ef8035adfca9fce22d9e418c7d6bef8486523dd04c83b5d8

  • SSDEEP

    3072:4P/64wC0/OcdLa+1bpTydsuPruWKHZa782g8welS:4nr302+LNpWdVTuW0Ivg8wQS

Score
10/10
njrathackedevasionpersistencetrojan

Malware Config

Extracted

Family

njrat

Version

0.7d

Botnet

HacKed

C2

ebrahem100.no-ip.biz:81

Mutex

540674d27648b4002f3da3120cd94d0f

Attributes
  • reg_key

    540674d27648b4002f3da3120cd94d0f

  • splitter

    |'|'|

Targets

    • Target

      a14aa43eb0b12222e7c53006ef394b1869bcc2183f382d8703a24de201ee6aef

    • Size

      184KB

    • MD5

      6d97276e6144da0b850904d915891200

    • SHA1

      7b5f6cb90e68259d86b40e3ed942dc18f5fe2cc7

    • SHA256

      a14aa43eb0b12222e7c53006ef394b1869bcc2183f382d8703a24de201ee6aef

    • SHA512

      a167d0b8e9c61d2c4d9d3840892d558152caa6ff12cdbef15c5d8b1b16ed65000bfea1d0237ac887ef8035adfca9fce22d9e418c7d6bef8486523dd04c83b5d8

    • SSDEEP

      3072:4P/64wC0/OcdLa+1bpTydsuPruWKHZa782g8welS:4nr302+LNpWdVTuW0Ivg8wQS

    Score
    10/10
    njrathackedevasionpersistencetrojan

    • njRAT/Bladabindi

      Widely used RAT written in .NET.

      trojannjrat

    • Executes dropped EXE

    • Modifies Windows Firewall

      evasion

    • Loads dropped DLL

    • Adds Run key to start application

      persistence

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Modify Existing Service

1
T1031

Registry Run Keys / Startup Folder

1
T1060

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks