Overview

overview

10

Static

static

310c021fb4...76.exe

windows7-x64

10

310c021fb4...76.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    310c021fb4f390cf764b379aca54d1c2f936ea1ec2347bc4ff60bc77e4cac976

  • Size

    200KB

  • Sample

    221003-btzvqaaeg9

  • MD5

    66e84153d32a83fc6bddb60b67de2640

  • SHA1

    730408f28dc20362eb02f683a288ae853bfd8476

  • SHA256

    310c021fb4f390cf764b379aca54d1c2f936ea1ec2347bc4ff60bc77e4cac976

  • SHA512

    a00d96f90610c1376832518c11b9bc2a3e9a497be6a95342788b87a6731704605fdc3bfbc2b4b2e633d5798b0dd2efa6fe53578bec9576b2c6ab5ab7e98e7437

  • SSDEEP

    1536:WSotYbj6iGuhiHpabOU81c57KPCYYX5uAgqHFjdVlrO2FdvSKUxsy/bQ6Ar3:WSoabWWigOU8c7DZJrOodvTUxFVAr3

Score
10/10
njrathackedevasionpersistencetrojan

Malware Config

Extracted

Family

njrat

Version

0.6.4

Botnet

HacKed

C2

127.0.0.1:1177

Mutex

ba4c12bee3027d94da5c81db2d196bfd

Attributes
  • reg_key

    ba4c12bee3027d94da5c81db2d196bfd

  • splitter

    |'|'|

Targets

    • Target

      310c021fb4f390cf764b379aca54d1c2f936ea1ec2347bc4ff60bc77e4cac976

    • Size

      200KB

    • MD5

      66e84153d32a83fc6bddb60b67de2640

    • SHA1

      730408f28dc20362eb02f683a288ae853bfd8476

    • SHA256

      310c021fb4f390cf764b379aca54d1c2f936ea1ec2347bc4ff60bc77e4cac976

    • SHA512

      a00d96f90610c1376832518c11b9bc2a3e9a497be6a95342788b87a6731704605fdc3bfbc2b4b2e633d5798b0dd2efa6fe53578bec9576b2c6ab5ab7e98e7437

    • SSDEEP

      1536:WSotYbj6iGuhiHpabOU81c57KPCYYX5uAgqHFjdVlrO2FdvSKUxsy/bQ6Ar3:WSoabWWigOU8c7DZJrOodvTUxFVAr3

    Score
    10/10
    njrathackedevasionpersistencetrojan

    • njRAT/Bladabindi

      Widely used RAT written in .NET.

      trojannjrat

    • Executes dropped EXE

    • Modifies Windows Firewall

      evasion

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Drops startup file

    • Loads dropped DLL

    • Adds Run key to start application

      persistence
    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Modify Existing Service

1
T1031

Registry Run Keys / Startup Folder

1
T1060

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Query Registry

1
T1012

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks