General

  • Target

    50f9861e85b8ce6b9c5cb32ded0898e51d0113d5c3d9528c0d2b9d3406d8b980

  • Size

    1.5MB

  • Sample

    221029-q9x4dshgh5

  • MD5

    f9c069f962cd75899edb4f91157224cf

  • SHA1

    3f0c34980c37ff179e009a2c6421abb89209623d

  • SHA256

    50f9861e85b8ce6b9c5cb32ded0898e51d0113d5c3d9528c0d2b9d3406d8b980

  • SHA512

    448e46d1022f5f6fb1f5bae9d77cc2df7850f266853cf16127f0785cc1c4277550a82a33dab4cc33d361681f8ef63ca3655eeed98472e82f41db9ada6b193de9

  • SSDEEP

    24576:Xtb20pkaCqT5TBWgNQ7aGmv1ldfswHWbkRH/9eytHj6A:UVg5tQ7a3rLyQH5

Malware Config

Extracted

  • Family

    njrat

  • Version

    0.7d

  • Botnet

    الساهري

  • C2

    127.0.0.1:2003

  • Mutex

    871421cd1794bc00d2298dbe130a3b3c

Attributes
  • reg_key

    871421cd1794bc00d2298dbe130a3b3c

  • splitter

    |'|'|

Targets

    • njRAT/Bladabindi

      Widely used RAT written in .NET.

    • Executes dropped EXE

    • Modifies Windows Firewall

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Drops startup file

    • Loads dropped DLL
