Overview

overview

10

Static

static

adc330db21...84.exe

windows7-x64

8

adc330db21...84.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    adc330db21deb991339f4448ba8e2a7db493ab866a9929958507e339f23b8f84

  • Size

    280KB

  • Sample

    221123-zjqq3aga9z

  • MD5

    389051ca33b4a3a4a9b11658cad9a2fb

  • SHA1

    07700bc298e0137be832ab74b0790922969a1e85

  • SHA256

    adc330db21deb991339f4448ba8e2a7db493ab866a9929958507e339f23b8f84

  • SHA512

    f56b84c191f03fdf31759888a9538dca0bdb0ef40dd34ce9d1be930eba2c814ae6fde60ae5bb10af19740a1466ad2caaae4bdb744157cb58565b16b8a9d99852

  • SSDEEP

    6144:TTZU1YEcpDmP1YJEr8YMfGNSl4t0xkQ8GU8:vLANYeA9GNq4t4kQ4

Score
10/10
njratevasiontrojan

Malware Config

Targets

    • Target

      adc330db21deb991339f4448ba8e2a7db493ab866a9929958507e339f23b8f84

    • Size

      280KB

    • MD5

      389051ca33b4a3a4a9b11658cad9a2fb

    • SHA1

      07700bc298e0137be832ab74b0790922969a1e85

    • SHA256

      adc330db21deb991339f4448ba8e2a7db493ab866a9929958507e339f23b8f84

    • SHA512

      f56b84c191f03fdf31759888a9538dca0bdb0ef40dd34ce9d1be930eba2c814ae6fde60ae5bb10af19740a1466ad2caaae4bdb744157cb58565b16b8a9d99852

    • SSDEEP

      6144:TTZU1YEcpDmP1YJEr8YMfGNSl4t0xkQ8GU8:vLANYeA9GNq4t4kQ4

    Score
    10/10
    evasionnjrattrojan

    • njRAT/Bladabindi

      Widely used RAT written in .NET.

      trojannjrat

    • Executes dropped EXE

    • Modifies Windows Firewall

      evasion

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Modify Existing Service

1
T1031

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1
T1012

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks