Overview

overview

10

Static

static

337723436c...bd.exe

windows7-x64

10

337723436c...bd.exe

windows10-2004-x64

1

Sharing

Copy URL
Twitter E-mail

General

  • Target

    337723436c48fe8714dccace5fcb42e8e95df67cf62c4fb11e1e8f96c52198bd

  • Size

    222KB

  • Sample

    221022-mvb1tsced2

  • MD5

    bc1559403aa75ae85ee806f9ac29fa6a

  • SHA1

    89b5b9763d946c0e756d67040ef3410ba4ff2914

  • SHA256

    337723436c48fe8714dccace5fcb42e8e95df67cf62c4fb11e1e8f96c52198bd

  • SHA512

    d666d0adf1baf7f815ac9d2012b5047c88aa50acb4e8fe8529d5e78afc1d3a8a5ede19cd49fa697441a06b9399593ed4d3ab100daaccbd717331a01e1ad8f9a0

  • SSDEEP

    3072:0/OMHqrk8puPS9fUYFs2YoTYeu+SwepQnG0wQUNa5GDOixwn6ZaThFUccC:kkDpsc5PneNNxweihW

Score
10/10
njrathackevasionpersistencetrojan

Malware Config

Extracted

Family

njrat

Version

0.6.4

Botnet

HacK

C2

samuli.ddns.net:80

Mutex

93f19dda2412c86ad7520ba4198f39a0

Attributes
  • reg_key

    93f19dda2412c86ad7520ba4198f39a0

  • splitter

    |'|'|

Targets

    • Target

      337723436c48fe8714dccace5fcb42e8e95df67cf62c4fb11e1e8f96c52198bd

    • Size

      222KB

    • MD5

      bc1559403aa75ae85ee806f9ac29fa6a

    • SHA1

      89b5b9763d946c0e756d67040ef3410ba4ff2914

    • SHA256

      337723436c48fe8714dccace5fcb42e8e95df67cf62c4fb11e1e8f96c52198bd

    • SHA512

      d666d0adf1baf7f815ac9d2012b5047c88aa50acb4e8fe8529d5e78afc1d3a8a5ede19cd49fa697441a06b9399593ed4d3ab100daaccbd717331a01e1ad8f9a0

    • SSDEEP

      3072:0/OMHqrk8puPS9fUYFs2YoTYeu+SwepQnG0wQUNa5GDOixwn6ZaThFUccC:kkDpsc5PneNNxweihW

    Score
    10/10
    njrathackevasionpersistencetrojan

    • njRAT/Bladabindi

      Widely used RAT written in .NET.

      trojannjrat

    • Executes dropped EXE

    • Modifies Windows Firewall

      evasion

    • Drops startup file

    • Loads dropped DLL

    • Adds Run key to start application

      persistence
    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Modify Existing Service

1
T1031

Registry Run Keys / Startup Folder

1
T1060

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks