General

  • Target

    5db0b3e7ff016feb771875a6d347d88940b7ecda6a5fe97f2f73fbeea28497c4

  • Size

    29KB

  • Sample

    221020-yztxzsdag3

  • MD5

    78cf963c253edc60388a13f8c71f4e70

  • SHA1

    2f9b848c1b83c038c067978e5aff3e249473a8cc

  • SHA256

    5db0b3e7ff016feb771875a6d347d88940b7ecda6a5fe97f2f73fbeea28497c4

  • SHA512

    56435a0e95251be5dee9276d3814bbe502ffb59755c8fffe19bd6afce042fce200946b6844aaa8f6c2583d99c24b7512da15f8d3610fb0ce5c7c4565f795f16a

  • SSDEEP

    768:2W7RmpgGD1B99D8qbILeuBKh0p29SgR0u:X7RcIcIrKhG29j0u

Malware Config

Extracted

Family

njrat

Version

0.6.4

Botnet

VITIMAPB

C2

hackpb85.no-ip.org:1177

Mutex

23556fb1360f366337f97c924e76ead3

Attributes
  • reg_key

    23556fb1360f366337f97c924e76ead3

  • splitter

    |'|'|

Targets

    • Target

      5db0b3e7ff016feb771875a6d347d88940b7ecda6a5fe97f2f73fbeea28497c4

    • njRAT/Bladabindi

      Widely used RAT written in .NET.

    • Executes dropped EXE

    • Modifies Windows Firewall

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Loads dropped DLL
