General

  • Target

    9088a4a98ca2b0862d34cb18267cb25b4435bef947fe8bd3071b1222f7b774c4

  • Size

    214KB

  • Sample

    221124-eye8nagg55

  • MD5

    871a3bc78da35b8fb741767ca5b913f9

  • SHA1

    417d92e9ca258460fa139008bb9ecd609d7066d6

  • SHA256

    9088a4a98ca2b0862d34cb18267cb25b4435bef947fe8bd3071b1222f7b774c4

  • SHA512

    92d4f900cf0fa35487d300f5692e73ea1bee07d3bbdd3b0344833c6937091e96545b5969db6f9fb68b39b1525527075ff291081679e103a6c0acd6dc6be02e6b

  • SSDEEP

    6144:GO7OEm960r90zd7qr9pJdHcy805rYYG6cY3:D6xSz1qHfHcyBBLG83

Malware Config

Extracted

Family

njrat

Version

0.6.4

Botnet

HacKed

C2

njrat7p.no-ip.org:5552

Mutex

9036b40d3b738ec82d6d7fa0c2c48267

Attributes
  • reg_key

    9036b40d3b738ec82d6d7fa0c2c48267

  • splitter

    |'|'|

Targets

    • njRAT/Bladabindi

      Widely used RAT written in .NET.

    • Executes dropped EXE

    • Modifies Windows Firewall

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Drops startup file

    • Loads dropped DLL

    • Adds Run key to start application
