Overview

overview

10

Static

static

10

88bcb388d5...6c.exe

windows7-x64

10

88bcb388d5...6c.exe

windows10-2004-x64

Sharing

Copy URL
Twitter E-mail

General

  • Target

    88bcb388d5f63a2afa5342ba135daa675b2db66cb3c88756f825c73f1af18c6c

  • Size

    172KB

  • Sample

    221124-2m1rjsgh6z

  • MD5

    7deb2b41e5fd27715f608ceabdd9ae2b

  • SHA1

    d4b03081a7bd074bcf67feca5cac7b72d3058de7

  • SHA256

    88bcb388d5f63a2afa5342ba135daa675b2db66cb3c88756f825c73f1af18c6c

  • SHA512

    be6e040236b5e51fb45b7b5c7b42fd0ab8c5ab1b97a545e091dfcc42475a3282ab85368e2b4f9b90bde927d1f5c20ac07e3dcf9894ab5968d9bbeebf13a78b2f

  • SSDEEP

    3072:9Scwb0MQmRobmkR7HdbsLR8cy2FnFBmy722Vd94O/ILBkMuszHM1tOW7:eRS7E8cdTBRi2Z4vCMusA142

Score
10/10
njrathackedevasionpersistencetrojan

Malware Config

Extracted

Family

njrat

Version

0.7d

Botnet

HacKed

C2

127.0.0.1:5552

Mutex

279f6960ed84a752570aca7fb2dc1552

Attributes
  • reg_key

    279f6960ed84a752570aca7fb2dc1552

  • splitter

    |'|'|

Targets

    • Target

      88bcb388d5f63a2afa5342ba135daa675b2db66cb3c88756f825c73f1af18c6c

    • Size

      172KB

    • MD5

      7deb2b41e5fd27715f608ceabdd9ae2b

    • SHA1

      d4b03081a7bd074bcf67feca5cac7b72d3058de7

    • SHA256

      88bcb388d5f63a2afa5342ba135daa675b2db66cb3c88756f825c73f1af18c6c

    • SHA512

      be6e040236b5e51fb45b7b5c7b42fd0ab8c5ab1b97a545e091dfcc42475a3282ab85368e2b4f9b90bde927d1f5c20ac07e3dcf9894ab5968d9bbeebf13a78b2f

    • SSDEEP

      3072:9Scwb0MQmRobmkR7HdbsLR8cy2FnFBmy722Vd94O/ILBkMuszHM1tOW7:eRS7E8cdTBRi2Z4vCMusA142

    Score
    10/10
    njrathackedevasionpersistencetrojan

    • njRAT/Bladabindi

      Widely used RAT written in .NET.

      trojannjrat

    • Executes dropped EXE

    • Modifies Windows Firewall

      evasion

    • Loads dropped DLL

    • Adds Run key to start application

      persistence
    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks