Overview

overview

10

Static

static

41dd4f108a...d3.exe

windows7-x64

10

41dd4f108a...d3.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    41dd4f108ac923de565bbb445c76b2bebf4650a8714f0c9e50e0bfd10fd97dd3

  • Size

    79KB

  • Sample

    221124-dxnb7shc2s

  • MD5

    d072c6322f3801ac5716d160b4c85f91

  • SHA1

    796184c1accff04d4a9e97e97cc44a56ccc82eb5

  • SHA256

    41dd4f108ac923de565bbb445c76b2bebf4650a8714f0c9e50e0bfd10fd97dd3

  • SHA512

    7979174f48c7ea64fa35458749c5dca1faa063baccda43a69cdedadafffa2c2b5f13d5e724e2db9abbb5d41437c00504d1a16de4f92959e1e3d13b1469168218

  • SSDEEP

    1536:3lyT1FJoK9k07KpkEuTuNP0n8X3cS0A3PtKkQ4W9LJo3ukNlY3IxOK:3lyhFcJWEuTuNP1XMSN1VQ4WTo3lY3Gl

Score
10/10
njratyoutubeevasionpersistencetrojan

Malware Config

Extracted

Family

njrat

Version

0.7d

Botnet

Youtube

C2

user882019.dlinkddns.com:426

Mutex

d843798dc61a43adefb14767229d07cf

Attributes
  • reg_key

    d843798dc61a43adefb14767229d07cf

  • splitter

    |'|'|

Targets

    • Target

      41dd4f108ac923de565bbb445c76b2bebf4650a8714f0c9e50e0bfd10fd97dd3

    • Size

      79KB

    • MD5

      d072c6322f3801ac5716d160b4c85f91

    • SHA1

      796184c1accff04d4a9e97e97cc44a56ccc82eb5

    • SHA256

      41dd4f108ac923de565bbb445c76b2bebf4650a8714f0c9e50e0bfd10fd97dd3

    • SHA512

      7979174f48c7ea64fa35458749c5dca1faa063baccda43a69cdedadafffa2c2b5f13d5e724e2db9abbb5d41437c00504d1a16de4f92959e1e3d13b1469168218

    • SSDEEP

      1536:3lyT1FJoK9k07KpkEuTuNP0n8X3cS0A3PtKkQ4W9LJo3ukNlY3IxOK:3lyhFcJWEuTuNP1XMSN1VQ4WTo3lY3Gl

    Score
    10/10
    njratyoutubeevasionpersistencetrojan

    • njRAT/Bladabindi

      Widely used RAT written in .NET.

      trojannjrat

    • Modifies Windows Firewall

      evasion

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Adds Run key to start application

      persistence

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Modify Existing Service

1
T1031

Registry Run Keys / Startup Folder

1
T1060

Privilege Escalation

Defense Evasion

Modify Registry

2
T1112

Credential Access

Discovery

Query Registry

1
T1012

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks