Overview

overview

10

Static

static

7471608bfd...a5.exe

windows7-x64

10

7471608bfd...a5.exe

windows10-2004-x64

1

Sharing

Copy URL
Twitter E-mail

General

  • Target

    7471608bfd253164064f1c3a81021ba971fab0a53326c9d16f25b80c8559afa5

  • Size

    449KB

  • Sample

    221003-rnqmvsaham

  • MD5

    55451c97044f34a04bdec331e8683b60

  • SHA1

    b57ed0ff7ab076e8fd365da17c43e3e41660396d

  • SHA256

    7471608bfd253164064f1c3a81021ba971fab0a53326c9d16f25b80c8559afa5

  • SHA512

    68405cea40e57541ea66ab8573ad59a28df798991b945f7645bfec62e08c735a13001529e870846107c8329ff62b7bafcbfbe15c96e0de7f3c4725f2b9473767

  • SSDEEP

    3072:exH+sKG5uRmeBJe+dcVFsIwvsex0TBGXp6a+bM8m2B+kTJEDPLTOoqDZE/IOIFKR:ep+sv9R4254+bM8m2UkeL3nQclL9

Score
10/10
njrathackedevasionpersistencetrojan

Malware Config

Extracted

Family

njrat

Version

0.6.4

Botnet

HacKed

C2

aiss123.no-ip.biz:1177

Mutex

babe8364d0b44de2ea6e4bcccd70281e

Attributes
  • reg_key

    babe8364d0b44de2ea6e4bcccd70281e

  • splitter

    |'|'|

Targets

    • Target

      7471608bfd253164064f1c3a81021ba971fab0a53326c9d16f25b80c8559afa5

    • Size

      449KB

    • MD5

      55451c97044f34a04bdec331e8683b60

    • SHA1

      b57ed0ff7ab076e8fd365da17c43e3e41660396d

    • SHA256

      7471608bfd253164064f1c3a81021ba971fab0a53326c9d16f25b80c8559afa5

    • SHA512

      68405cea40e57541ea66ab8573ad59a28df798991b945f7645bfec62e08c735a13001529e870846107c8329ff62b7bafcbfbe15c96e0de7f3c4725f2b9473767

    • SSDEEP

      3072:exH+sKG5uRmeBJe+dcVFsIwvsex0TBGXp6a+bM8m2B+kTJEDPLTOoqDZE/IOIFKR:ep+sv9R4254+bM8m2UkeL3nQclL9

    Score
    10/10
    njrathackedevasionpersistencetrojan

    • njRAT/Bladabindi

      Widely used RAT written in .NET.

      trojannjrat

    • Executes dropped EXE

    • Modifies Windows Firewall

      evasion

    • Loads dropped DLL

    • Adds Run key to start application

      persistence

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks