Overview

overview

10

Static

static

5

90879c6b4d...63.exe

windows7-x64

10

90879c6b4d...63.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    90879c6b4db8254f1e2ec94ec3ea453977a251c1789e91879a863504c2aaa563

  • Size

    875KB

  • Sample

    221124-169m5afg9z

  • MD5

    0a73ff03793f0b5beb7d2537933033ab

  • SHA1

    9631cedd0844c8c7fb16373c27e0c9ffb7261f9a

  • SHA256

    90879c6b4db8254f1e2ec94ec3ea453977a251c1789e91879a863504c2aaa563

  • SHA512

    4131c9e9bbdd3618cdda5cf00b98f2d2254e63ce6a6d5bafda9bd6430e3c555e6361227bfe89072e83f46e0dd4c8d306b9337570800760bb612917c17517d703

  • SSDEEP

    24576:h4lavt0LkLL9IMixoEgea+8zrcq9MmCS:wkwkn9IMHea+GQaPCS

Score
10/10
njratevasionpersistencetrojan

Malware Config

Targets

    • Target

      90879c6b4db8254f1e2ec94ec3ea453977a251c1789e91879a863504c2aaa563

    • Size

      875KB

    • MD5

      0a73ff03793f0b5beb7d2537933033ab

    • SHA1

      9631cedd0844c8c7fb16373c27e0c9ffb7261f9a

    • SHA256

      90879c6b4db8254f1e2ec94ec3ea453977a251c1789e91879a863504c2aaa563

    • SHA512

      4131c9e9bbdd3618cdda5cf00b98f2d2254e63ce6a6d5bafda9bd6430e3c555e6361227bfe89072e83f46e0dd4c8d306b9337570800760bb612917c17517d703

    • SSDEEP

      24576:h4lavt0LkLL9IMixoEgea+8zrcq9MmCS:wkwkn9IMHea+GQaPCS

    Score
    10/10
    njratevasionpersistencetrojan

    • UAC bypass

      evasiontrojan

    • njRAT/Bladabindi

      Widely used RAT written in .NET.

      trojannjrat

    • Executes dropped EXE

    • Modifies Windows Firewall

      evasion

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Drops startup file

    • Loads dropped DLL

    • Adds Run key to start application

      persistence

    • Checks whether UAC is enabled

      evasiontrojan
    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Modify Existing Service

1
T1031

Registry Run Keys / Startup Folder

1
T1060

Privilege Escalation

Bypass User Account Control

1
T1088

Defense Evasion

Bypass User Account Control

1
T1088

Disabling Security Tools

1
T1089

Modify Registry

3
T1112

Credential Access

Discovery

Query Registry

1
T1012

System Information Discovery

3
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks