Overview

overview

10

Static

static

10

c64d24a5fa...b6.exe

windows7-x64

10

c64d24a5fa...b6.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    c64d24a5fa8d9bbe00bfe537373ef2117229d862fec5d9cc9570df296728d6b6

  • Size

    29KB

  • Sample

    221003-23qlhsbdfq

  • MD5

    04f86d16a8e9f60ffdd8d3984dbb0ff0

  • SHA1

    b704c9934695a7045a09f9e9ee8fc7483bcf5b14

  • SHA256

    c64d24a5fa8d9bbe00bfe537373ef2117229d862fec5d9cc9570df296728d6b6

  • SHA512

    5aed7fe6b24f7e2fb4c238140f87c5ad9b403e9bd0198621ec1a3fe7d8e9dc97e06324591207afa2d9e260fa61af40f99405292d5b13208f4b16534fe9fb8607

  • SSDEEP

    384:qs/hl7b1/JEI+GPWrb5hFEaemqD6CLeQTGBsbh0w4wlAokw9OhgOL1vYRGOZzTJ6:T7bXEI+GevhEsqdLe3BKh0p29SgRPw

Score
10/10
njrattest1evasiontrojan

Malware Config

Extracted

Family

njrat

Version

0.6.4

Botnet

test1

C2

172.18.40.192:1177

Mutex

fd9908124184c84762163c235c517c7b

Attributes
  • reg_key

    fd9908124184c84762163c235c517c7b

  • splitter

    |'|'|

Targets

    • Target

      c64d24a5fa8d9bbe00bfe537373ef2117229d862fec5d9cc9570df296728d6b6

    • Size

      29KB

    • MD5

      04f86d16a8e9f60ffdd8d3984dbb0ff0

    • SHA1

      b704c9934695a7045a09f9e9ee8fc7483bcf5b14

    • SHA256

      c64d24a5fa8d9bbe00bfe537373ef2117229d862fec5d9cc9570df296728d6b6

    • SHA512

      5aed7fe6b24f7e2fb4c238140f87c5ad9b403e9bd0198621ec1a3fe7d8e9dc97e06324591207afa2d9e260fa61af40f99405292d5b13208f4b16534fe9fb8607

    • SSDEEP

      384:qs/hl7b1/JEI+GPWrb5hFEaemqD6CLeQTGBsbh0w4wlAokw9OhgOL1vYRGOZzTJ6:T7bXEI+GevhEsqdLe3BKh0p29SgRPw

    Score
    10/10
    njrattest1evasiontrojan

    • njRAT/Bladabindi

      Widely used RAT written in .NET.

      trojannjrat

    • Executes dropped EXE

    • Modifies Windows Firewall

      evasion

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Modify Existing Service

1
T1031

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1
T1012

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks