Overview

overview

10

Static

static

7fd1f28c3c...ef.exe

windows7-x64

10

7fd1f28c3c...ef.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    7fd1f28c3c49a43cff14302b0d5e790be64412f3b8d142e1df84715cf144cdef

  • Size

    366KB

  • Sample

    221003-cwywwadggr

  • MD5

    2ec5f966af8485c4d445efb4c651e6c7

  • SHA1

    fc9781a10f1fdf02680f6b5d560169ef1aeb24cf

  • SHA256

    7fd1f28c3c49a43cff14302b0d5e790be64412f3b8d142e1df84715cf144cdef

  • SHA512

    af5033db437dde5921568b59c453e4a09d4a145ca6c6ff077718cb96897a5e16a7ba46c25482b7cbb5cc9bd39f68d11d3d550c80180b75c288308e4790b1ea51

  • SSDEEP

    6144:WsxanyfX5k7JlJDlABKUtfU/WQcb5e+CthMmBVuIpB6zk0OfgdGIohT+Y7bOPzAV:H0nyfXuIBDtfuFtCW3akTgdjoh6wbOkV

Score
10/10
njrathackedtrojan

Malware Config

Extracted

Family

njrat

Version

0.6.4

Botnet

HacKed

C2

kawtherkahla.ddns.net:1177

Mutex

5cd8f17f4086744065eb0992a09e05a2

Attributes
  • reg_key

    5cd8f17f4086744065eb0992a09e05a2

  • splitter

    |'|'|

Targets

    • Target

      7fd1f28c3c49a43cff14302b0d5e790be64412f3b8d142e1df84715cf144cdef

    • Size

      366KB

    • MD5

      2ec5f966af8485c4d445efb4c651e6c7

    • SHA1

      fc9781a10f1fdf02680f6b5d560169ef1aeb24cf

    • SHA256

      7fd1f28c3c49a43cff14302b0d5e790be64412f3b8d142e1df84715cf144cdef

    • SHA512

      af5033db437dde5921568b59c453e4a09d4a145ca6c6ff077718cb96897a5e16a7ba46c25482b7cbb5cc9bd39f68d11d3d550c80180b75c288308e4790b1ea51

    • SSDEEP

      6144:WsxanyfX5k7JlJDlABKUtfU/WQcb5e+CthMmBVuIpB6zk0OfgdGIohT+Y7bOPzAV:H0nyfXuIBDtfuFtCW3akTgdjoh6wbOkV

    Score
    10/10
    njrathackedtrojan

    • njRAT/Bladabindi

      Widely used RAT written in .NET.

      trojannjrat

    • Executes dropped EXE

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Loads dropped DLL

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks