Overview

overview

10

Static

static

10

11695dc77d...79.exe

windows7-x64

10

11695dc77d...79.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    11695dc77d6971a58cba9b2230eee1dea2f6f36064ea44fee33a6361d24c4e79

  • Size

    29KB

  • Sample

    221002-rje1kaabd8

  • MD5

    634ab053307a90fe48245b72292180a0

  • SHA1

    9f0e59ddeeffa2b280b8f3379902022179521ef2

  • SHA256

    11695dc77d6971a58cba9b2230eee1dea2f6f36064ea44fee33a6361d24c4e79

  • SHA512

    f8e94ac7fe9f6b37be2e0b5262e43a8bcd76a898d6c910e0ddff38eaf58760fa258e7a17128e66e3edecc91fd8faf8be84228dcfaf6cf2fab8c0cd3520c2f6e5

  • SSDEEP

    768:GrD71oGc1FRVp74q2HesBKh0p29SgRHO:kD71IPkjZKhG29jHO

Score
10/10
njrathackedevasionpersistencetrojan

Malware Config

Extracted

Family

njrat

Version

0.6.4

Botnet

HacKed

C2

feras9999.no-ip.biz:1177

Mutex

d5a38e9b5f206c41f8851bf04a251d26

Attributes
  • reg_key

    d5a38e9b5f206c41f8851bf04a251d26

  • splitter

    |'|'|

Targets

    • Target

      11695dc77d6971a58cba9b2230eee1dea2f6f36064ea44fee33a6361d24c4e79

    • Size

      29KB

    • MD5

      634ab053307a90fe48245b72292180a0

    • SHA1

      9f0e59ddeeffa2b280b8f3379902022179521ef2

    • SHA256

      11695dc77d6971a58cba9b2230eee1dea2f6f36064ea44fee33a6361d24c4e79

    • SHA512

      f8e94ac7fe9f6b37be2e0b5262e43a8bcd76a898d6c910e0ddff38eaf58760fa258e7a17128e66e3edecc91fd8faf8be84228dcfaf6cf2fab8c0cd3520c2f6e5

    • SSDEEP

      768:GrD71oGc1FRVp74q2HesBKh0p29SgRHO:kD71IPkjZKhG29jHO

    Score
    10/10
    njrathackedevasionpersistencetrojan

    • njRAT/Bladabindi

      Widely used RAT written in .NET.

      trojannjrat

    • Executes dropped EXE

    • Modifies Windows Firewall

      evasion

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Loads dropped DLL

    • Adds Run key to start application

      persistence
    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Modify Existing Service

1
T1031

Registry Run Keys / Startup Folder

1
T1060

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Query Registry

1
T1012

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks