Overview

overview

10

Static

static

73a15cef69...91.exe

windows7-x64

10

73a15cef69...91.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    73a15cef6999806e930285b078c192a8c5ec8a496f7d77c60fee53ac11865191

  • Size

    219KB

  • Sample

    221125-jhy32sbe84

  • MD5

    0e596efe9a8bbb4d233ff54ac93c1383

  • SHA1

    e8e9396a91e551fb43eb43e33369bf0416bdbabe

  • SHA256

    73a15cef6999806e930285b078c192a8c5ec8a496f7d77c60fee53ac11865191

  • SHA512

    e70e064fe15699e06c65ae83ff0532c74c94e488e4303b4144d3cc17eae10bfb1742b5f45aedf3f1d6f83734ce34f75a5631bfe285fa1edc5da3cb15780daa31

  • SSDEEP

    6144:zV8xLIQ/j6TIZNhGWaOF33OWSkp1jyC37:xoMHUHKOxO+

Score
10/10
njrathackedevasionpersistencetrojan

Malware Config

Extracted

Family

njrat

Version

0.7d

Botnet

Hacked

C2

kissme1988.no-ip.biz:5552

Mutex

dc57475995c921da5a2603cdc0101794

Attributes
  • reg_key

    dc57475995c921da5a2603cdc0101794

  • splitter

    |'|'|

Targets

    • Target

      73a15cef6999806e930285b078c192a8c5ec8a496f7d77c60fee53ac11865191

    • Size

      219KB

    • MD5

      0e596efe9a8bbb4d233ff54ac93c1383

    • SHA1

      e8e9396a91e551fb43eb43e33369bf0416bdbabe

    • SHA256

      73a15cef6999806e930285b078c192a8c5ec8a496f7d77c60fee53ac11865191

    • SHA512

      e70e064fe15699e06c65ae83ff0532c74c94e488e4303b4144d3cc17eae10bfb1742b5f45aedf3f1d6f83734ce34f75a5631bfe285fa1edc5da3cb15780daa31

    • SSDEEP

      6144:zV8xLIQ/j6TIZNhGWaOF33OWSkp1jyC37:xoMHUHKOxO+

    Score
    10/10
    njrathackedevasionpersistencetrojan

    • njRAT/Bladabindi

      Widely used RAT written in .NET.

      trojannjrat

    • Executes dropped EXE

    • Modifies Windows Firewall

      evasion

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Drops startup file

    • Loads dropped DLL

    • Adds Run key to start application

      persistence

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Modify Existing Service

1
T1031

Registry Run Keys / Startup Folder

1
T1060

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Query Registry

3
T1012

System Information Discovery

4
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks