Overview

overview

10

Static

static

10

c8ef20422c...e6.exe

windows7-x64

10

c8ef20422c...e6.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    c8ef20422c8a0df56ec877110587b5e86ad4d4719f5dc4ddfcf8ec5580ab91e6

  • Size

    166KB

  • Sample

    221004-dsdxzaaddr

  • MD5

    67883f8a4f7243bbf4f5bcd30ac0fd7d

  • SHA1

    461d4783878d207900dff1043bdb5f2cdcd8165e

  • SHA256

    c8ef20422c8a0df56ec877110587b5e86ad4d4719f5dc4ddfcf8ec5580ab91e6

  • SHA512

    f4aeb17bd4629930d9990c6c2f2e8f33de901a1ace957799752dcbbbf73bdf11829c6d15f75f70e5977a6f23872297928b1330201aef9afc8af4f6e46e561dfe

  • SSDEEP

    1536:9keWklluiIPOuaxrgJeu4a6IM8YgPAdmRUcTOZYAC1nlqCSk5kHyiWji1NL:9/XuDt4Neq

Score
10/10
modiloadernjrathackedevasionpersistencetrojan

Malware Config

Extracted

Family

njrat

Version

0.6.4

Botnet

HacKed

C2

127.0.0.1:1177

Mutex

5cd8f17f4086744065eb0992a09e05a2

Attributes
  • reg_key

    5cd8f17f4086744065eb0992a09e05a2

  • splitter

    |'|'|

Targets

    • Target

      c8ef20422c8a0df56ec877110587b5e86ad4d4719f5dc4ddfcf8ec5580ab91e6

    • Size

      166KB

    • MD5

      67883f8a4f7243bbf4f5bcd30ac0fd7d

    • SHA1

      461d4783878d207900dff1043bdb5f2cdcd8165e

    • SHA256

      c8ef20422c8a0df56ec877110587b5e86ad4d4719f5dc4ddfcf8ec5580ab91e6

    • SHA512

      f4aeb17bd4629930d9990c6c2f2e8f33de901a1ace957799752dcbbbf73bdf11829c6d15f75f70e5977a6f23872297928b1330201aef9afc8af4f6e46e561dfe

    • SSDEEP

      1536:9keWklluiIPOuaxrgJeu4a6IM8YgPAdmRUcTOZYAC1nlqCSk5kHyiWji1NL:9/XuDt4Neq

    Score
    10/10
    njrathackedevasionpersistencetrojan

    • njRAT/Bladabindi

      Widely used RAT written in .NET.

      trojannjrat

    • Executes dropped EXE

    • Modifies Windows Firewall

      evasion

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Loads dropped DLL

    • Adds Run key to start application

      persistence
    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Modify Existing Service

1
T1031

Registry Run Keys / Startup Folder

1
T1060

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Query Registry

1
T1012

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks