Overview

overview

10

Static

static

e1d8fd036b...df.exe

windows7-x64

10

e1d8fd036b...df.exe

windows10-2004-x64

8

Sharing

Copy URL
Twitter E-mail

General

  • Target

    e1d8fd036bb1ad32351420c825491672f6c423419cede6e3f16096a989e066df

  • Size

    243KB

  • Sample

    221003-awlv7safak

  • MD5

    6b695a7b241359cba5a4e94751902d90

  • SHA1

    684bde72a7a20d6db8f7d81e6f6dadfd9b8a44ab

  • SHA256

    e1d8fd036bb1ad32351420c825491672f6c423419cede6e3f16096a989e066df

  • SHA512

    93e406ec9ba9d91f5878989d7973817b6eac75d0d13a80920e4fd9f669619ea4e54038970b30691ad049775f838b646915d84f3cab127d4cfcbe6a4cfdf0deba

  • SSDEEP

    6144:GWzpIiSxD3vAJVbG+KxRTnGeM8GCsMbH6eKKN:XzCiOrIFbK3aerZjK

Score
10/10
njrathackedevasiontrojan

Malware Config

Extracted

Family

njrat

Version

0.6.4

Botnet

HacKed

C2

toshiba.no-ip.biz:1177

Mutex

5f7f79738df89bca155327b166914425

Attributes
  • reg_key

    5f7f79738df89bca155327b166914425

  • splitter

    |'|'|

Targets

    • Target

      e1d8fd036bb1ad32351420c825491672f6c423419cede6e3f16096a989e066df

    • Size

      243KB

    • MD5

      6b695a7b241359cba5a4e94751902d90

    • SHA1

      684bde72a7a20d6db8f7d81e6f6dadfd9b8a44ab

    • SHA256

      e1d8fd036bb1ad32351420c825491672f6c423419cede6e3f16096a989e066df

    • SHA512

      93e406ec9ba9d91f5878989d7973817b6eac75d0d13a80920e4fd9f669619ea4e54038970b30691ad049775f838b646915d84f3cab127d4cfcbe6a4cfdf0deba

    • SSDEEP

      6144:GWzpIiSxD3vAJVbG+KxRTnGeM8GCsMbH6eKKN:XzCiOrIFbK3aerZjK

    Score
    10/10
    njrathackedevasiontrojan

    • njRAT/Bladabindi

      Widely used RAT written in .NET.

      trojannjrat

    • Executes dropped EXE

    • Modifies Windows Firewall

      evasion
    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Modify Existing Service

1
T1031

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks