Overview

overview

10

Static

static

66929368ec...f5.exe

windows7-x64

10

66929368ec...f5.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    66929368ec88413ceadfb1cb038703afd063a5fab90306eab8d5c9aabe329df5

  • Size

    89KB

  • Sample

    221002-qkqysaaadq

  • MD5

    554a8f51482feeea2a163d9c33afb180

  • SHA1

    0987ba7fca0d0e4bec75d91cd11468cfc3cf16a6

  • SHA256

    66929368ec88413ceadfb1cb038703afd063a5fab90306eab8d5c9aabe329df5

  • SHA512

    19583a0f59d0168628cff4675a29f54ac7889182b91919ddf3e019b30e1bb019cc6a70073486e70ffe873c7755e15ffdf5f49fabf98957be4a4bdf9abd9e3da0

  • SSDEEP

    1536:5d2u+5+e1gh9JmYXCHgwtHNayrPMo2AOaVnkJRrt+:5dC511eSAyaaUoyaVkJP+

Score
10/10
njrathackedtrojan

Malware Config

Extracted

Family

njrat

Version

0.6.4

Botnet

HacKed

C2

127.0.0.1:1177

Mutex

5cd8f17f4086744065eb0992a09e05a2

Attributes
  • reg_key

    5cd8f17f4086744065eb0992a09e05a2

  • splitter

    |'|'|

Targets

    • Target

      66929368ec88413ceadfb1cb038703afd063a5fab90306eab8d5c9aabe329df5

    • Size

      89KB

    • MD5

      554a8f51482feeea2a163d9c33afb180

    • SHA1

      0987ba7fca0d0e4bec75d91cd11468cfc3cf16a6

    • SHA256

      66929368ec88413ceadfb1cb038703afd063a5fab90306eab8d5c9aabe329df5

    • SHA512

      19583a0f59d0168628cff4675a29f54ac7889182b91919ddf3e019b30e1bb019cc6a70073486e70ffe873c7755e15ffdf5f49fabf98957be4a4bdf9abd9e3da0

    • SSDEEP

      1536:5d2u+5+e1gh9JmYXCHgwtHNayrPMo2AOaVnkJRrt+:5dC511eSAyaaUoyaVkJP+

    Score
    10/10
    njrathackedtrojan

    • njRAT/Bladabindi

      Widely used RAT written in .NET.

      trojannjrat

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks