Overview

overview

10

Static

static

10

cd904c2689...d0.exe

windows7-x64

10

cd904c2689...d0.exe

windows10-2004-x64

Sharing

Copy URL
Twitter E-mail

General

  • Target

    cd904c26898bafc784c8478b8535cff623f4f42c80bae27d97307fb3b90397d0

  • Size

    752KB

  • Sample

    221123-tbzfcagf8s

  • MD5

    453ad7a8f4bf0ffedc5ef0e45b73510c

  • SHA1

    1b1bff14df6326f46b355aafdb988c8f92b6fe4b

  • SHA256

    cd904c26898bafc784c8478b8535cff623f4f42c80bae27d97307fb3b90397d0

  • SHA512

    0add258f4118d01f5cbd74075a69f99ff366e8f470a6ee7fdded75716c72ac13fa630c63a2652e2bd42e1d19c398e1ac8930c32e2eb83350ff9414b316b62bcb

  • SSDEEP

    12288:KS2hAvVLLjdwYXQcToP3K7yvwZxtduJfP5W/61MPKt38Tzgjo2qF7:0ALLjd3XQcUIN0NBW/6FSUM2G

Score
10/10
njrathacked_by_mohamed_adelevasionpersistencetrojan

Malware Config

Extracted

Family

njrat

Version

0.7d

Botnet

HacKed_By_Mohamed_adel

C2

192.168.1.4:5552

Mutex

9e5db6b5a8766217d14c2d56de95562b

Attributes
  • reg_key

    9e5db6b5a8766217d14c2d56de95562b

  • splitter

    |'|'|

Targets

    • Target

      cd904c26898bafc784c8478b8535cff623f4f42c80bae27d97307fb3b90397d0

    • Size

      752KB

    • MD5

      453ad7a8f4bf0ffedc5ef0e45b73510c

    • SHA1

      1b1bff14df6326f46b355aafdb988c8f92b6fe4b

    • SHA256

      cd904c26898bafc784c8478b8535cff623f4f42c80bae27d97307fb3b90397d0

    • SHA512

      0add258f4118d01f5cbd74075a69f99ff366e8f470a6ee7fdded75716c72ac13fa630c63a2652e2bd42e1d19c398e1ac8930c32e2eb83350ff9414b316b62bcb

    • SSDEEP

      12288:KS2hAvVLLjdwYXQcToP3K7yvwZxtduJfP5W/61MPKt38Tzgjo2qF7:0ALLjd3XQcUIN0NBW/6FSUM2G

    Score
    10/10
    njrathacked_by_mohamed_adelevasionpersistencetrojan

    • njRAT/Bladabindi

      Widely used RAT written in .NET.

      trojannjrat

    • Executes dropped EXE

    • Modifies Windows Firewall

      evasion

    • Drops startup file

    • Loads dropped DLL

    • Adds Run key to start application

      persistence
    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Modify Existing Service

1
T1031

Registry Run Keys / Startup Folder

1
T1060

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks