Overview

overview

10

Static

static

4c8977c17d...71.exe

windows7-x64

10

4c8977c17d...71.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    4c8977c17d7a2022b059cbf04c07aac73b49f3822a760e03f6e9ff83f34f6771

  • Size

    740KB

  • Sample

    221121-sp5c3saf6y

  • MD5

    49c503f108a8d690e917ce8937b1fc10

  • SHA1

    4fff4209e2bbd21720887f20917e39f0dff617e8

  • SHA256

    4c8977c17d7a2022b059cbf04c07aac73b49f3822a760e03f6e9ff83f34f6771

  • SHA512

    4529a38d498d4a929d92264745b46aae993fc09b5a894f21cc46a02b78de51d04d7889dff1b4611ec7e1f81cd54861b1d7f79ff2f7001dd9aecbfd538dcb8eeb

  • SSDEEP

    12288:tSIiCyhy8QhOnE/4JSIiCyhy8QhOnE/4jXLnyLdS:WLYLN3

Score
10/10
njratmicrosoftpersistencephishingtrojan

Malware Config

Targets

    • Target

      4c8977c17d7a2022b059cbf04c07aac73b49f3822a760e03f6e9ff83f34f6771

    • Size

      740KB

    • MD5

      49c503f108a8d690e917ce8937b1fc10

    • SHA1

      4fff4209e2bbd21720887f20917e39f0dff617e8

    • SHA256

      4c8977c17d7a2022b059cbf04c07aac73b49f3822a760e03f6e9ff83f34f6771

    • SHA512

      4529a38d498d4a929d92264745b46aae993fc09b5a894f21cc46a02b78de51d04d7889dff1b4611ec7e1f81cd54861b1d7f79ff2f7001dd9aecbfd538dcb8eeb

    • SSDEEP

      12288:tSIiCyhy8QhOnE/4JSIiCyhy8QhOnE/4jXLnyLdS:WLYLN3

    Score
    10/10
    njrattrojanmicrosoftpersistencephishing

    • njRAT/Bladabindi

      Widely used RAT written in .NET.

      trojannjrat

    • Adds Run key to start application

      persistence

    • Detected potential entity reuse from brand microsoft.

      phishingmicrosoft

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

1
T1060

Privilege Escalation

Defense Evasion

Modify Registry

2
T1112

Credential Access

Discovery

System Information Discovery

2
T1082

Query Registry

1
T1012

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks