Overview

overview

10

Static

static

e792b472ab...2a.exe

windows7-x64

10

e792b472ab...2a.exe

windows10-2004-x64

5

Sharing

Copy URL
Twitter E-mail

General

  • Target

    e792b472aba1b5339a61e539fd53cddbede5d09dc590aa2d70eb334aed47652a

  • Size

    234KB

  • Sample

    221003-qgrqxagghr

  • MD5

    4a5727e19af37605f8cbbb536c1ba210

  • SHA1

    cb247fa9057166e4d6614271c6338e589a391582

  • SHA256

    e792b472aba1b5339a61e539fd53cddbede5d09dc590aa2d70eb334aed47652a

  • SHA512

    e7eda0925c91633a16fe59933fb599a58543186ce7cd8403953527d8efb85e07a6015fdc133096c4b8395b77b4be0374de5d8cf1edad2836d7a5e5e0d1426c43

  • SSDEEP

    1536:HYG6B6W5QIvP4/gKvaciMxZlFiv+iE2rs/BvAQ+ayLG:4AW5QIvP4/gKvtiMniGt2riAQ+ayLG

Score
10/10
njrathackedevasionpersistencetrojan

Malware Config

Extracted

Family

njrat

Version

0.7d

Botnet

HacKed

C2

cxxz.no-ip.biz:754

Mutex

8f36d4276935c0211cd307d1dfb7c49d

Attributes
  • reg_key

    8f36d4276935c0211cd307d1dfb7c49d

  • splitter

    |'|'|

Targets

    • Target

      e792b472aba1b5339a61e539fd53cddbede5d09dc590aa2d70eb334aed47652a

    • Size

      234KB

    • MD5

      4a5727e19af37605f8cbbb536c1ba210

    • SHA1

      cb247fa9057166e4d6614271c6338e589a391582

    • SHA256

      e792b472aba1b5339a61e539fd53cddbede5d09dc590aa2d70eb334aed47652a

    • SHA512

      e7eda0925c91633a16fe59933fb599a58543186ce7cd8403953527d8efb85e07a6015fdc133096c4b8395b77b4be0374de5d8cf1edad2836d7a5e5e0d1426c43

    • SSDEEP

      1536:HYG6B6W5QIvP4/gKvaciMxZlFiv+iE2rs/BvAQ+ayLG:4AW5QIvP4/gKvtiMniGt2riAQ+ayLG

    Score
    10/10
    njrathackedevasionpersistencetrojan

    • njRAT/Bladabindi

      Widely used RAT written in .NET.

      trojannjrat

    • Executes dropped EXE

    • Modifies Windows Firewall

      evasion

    • Drops startup file

    • Loads dropped DLL

    • Adds Run key to start application

      persistence

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks