General

  • Target

    c6d0e07fcebfbea85ffc77c796f87d47048d24e39d0c81e5b881cffcb2aba29e.exe

  • Size

    37KB

  • Sample

    221104-wgygcahdg2

  • MD5

    2817c011989e9651e3b2bc75e2bb0190

  • SHA1

    254230a43c2f92381595a6bb03fe75234efe191e

  • SHA256

    c6d0e07fcebfbea85ffc77c796f87d47048d24e39d0c81e5b881cffcb2aba29e

  • SHA512

    bbc58966bd9c076e1c992b44fa6024a79b3378594a6c548dcf8c17f5fb4c2304ffa0c07addc7e42711fc829f254fd192954807280ea42c4b4ce6880a0f05d309

  • SSDEEP

    384:fOveoixJhl7OHg1WykrppPl48uiX60rAF+rMRTyN/0L+EcoinblneHQM3epzXlNi:2v+R1NkrppqFidrM+rMRa8Nuzwt

Malware Config

Extracted

Family

njrat

Version

im523

Botnet

HacKed

C2

5.tcp.eu.ngrok.io:17656

Mutex

5c1305f84d4de84c49a562943d8b6467

Attributes
  • reg_key

    5c1305f84d4de84c49a562943d8b6467

  • splitter

    |'|'|

Targets

    • njRAT/Bladabindi

      Widely used RAT written in .NET.

    • Executes dropped EXE

    • Modifies Windows Firewall

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Loads dropped DLL
