Overview

overview

10

Static

static

08a4974958...27.exe

windows7-x64

8

08a4974958...27.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    08a49749587943bcd5c8253c71160271a7c4e8fa70dfecb8de768db62d7ba827

  • Size

    67KB

  • Sample

    221003-b2ff2scdfk

  • MD5

    66b4be0d76030c04d038d4eebeef2840

  • SHA1

    6bc2264465c19831abc465c1858885adef57ad1d

  • SHA256

    08a49749587943bcd5c8253c71160271a7c4e8fa70dfecb8de768db62d7ba827

  • SHA512

    f83cd099db7d8c140322f9d2de6792d66246213b942c1b1542954f6f99d4c7686f7b960ded42375d093826298676eeaaf6aa9cb68b48c2f0b96cd9e7391615fb

  • SSDEEP

    1536:+WVFvTccWkWRxTvA/7yHL4RSk9thiVrZE/7gKjM:+QTccWbTIur4Y6MVrC/VQ

Score
10/10
njratevasiontrojan

Malware Config

Targets

    • Target

      08a49749587943bcd5c8253c71160271a7c4e8fa70dfecb8de768db62d7ba827

    • Size

      67KB

    • MD5

      66b4be0d76030c04d038d4eebeef2840

    • SHA1

      6bc2264465c19831abc465c1858885adef57ad1d

    • SHA256

      08a49749587943bcd5c8253c71160271a7c4e8fa70dfecb8de768db62d7ba827

    • SHA512

      f83cd099db7d8c140322f9d2de6792d66246213b942c1b1542954f6f99d4c7686f7b960ded42375d093826298676eeaaf6aa9cb68b48c2f0b96cd9e7391615fb

    • SSDEEP

      1536:+WVFvTccWkWRxTvA/7yHL4RSk9thiVrZE/7gKjM:+QTccWbTIur4Y6MVrC/VQ

    Score
    10/10
    evasionnjrattrojan

    • njRAT/Bladabindi

      Widely used RAT written in .NET.

      trojannjrat

    • Executes dropped EXE

    • Modifies Windows Firewall

      evasion

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Modify Existing Service

1
T1031

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1
T1012

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks