Overview

overview

10

Static

static

10

406e919f11...7c.exe

windows7-x64

10

406e919f11...7c.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    406e919f118006fd7175c0e2df9cb329bdcca29ac0086638c4599f133c16547c

  • Size

    36KB

  • Sample

    221125-jv4t3aga4t

  • MD5

    3f372e7a22a7a5c24e5f474de961639b

  • SHA1

    0da76f4e4c8745ce09cc4c5d875c50148dab8e88

  • SHA256

    406e919f118006fd7175c0e2df9cb329bdcca29ac0086638c4599f133c16547c

  • SHA512

    652902d51aaef62323e8d0096b48b6a3be733ebfe77fec3fce6d67bf5dde12634c8f6f71c9501959a35e9232abd9a78881e886849f49f9fef9f170b57eea25ba

  • SSDEEP

    384:dI2SUwXh0ZbAzlRGCvkodj46hgHK0hrV5mRvR6JZlbw8hqIusZzZEChEJlbz602c:CbhEkdvXRpcnuchEJVzcJAaOu0GG

Score
10/10
njratsubway surfersevasionpersistencetrojan

Malware Config

Extracted

Family

njrat

Version

0.7d

Botnet

Subway Surfers

C2

daiodsaber.no-ip.biz:5552

Mutex

b9da61d8a029b19f539cf3803f98e1cd

Attributes
  • reg_key

    b9da61d8a029b19f539cf3803f98e1cd

  • splitter

    |'|'|

Targets

    • Target

      406e919f118006fd7175c0e2df9cb329bdcca29ac0086638c4599f133c16547c

    • Size

      36KB

    • MD5

      3f372e7a22a7a5c24e5f474de961639b

    • SHA1

      0da76f4e4c8745ce09cc4c5d875c50148dab8e88

    • SHA256

      406e919f118006fd7175c0e2df9cb329bdcca29ac0086638c4599f133c16547c

    • SHA512

      652902d51aaef62323e8d0096b48b6a3be733ebfe77fec3fce6d67bf5dde12634c8f6f71c9501959a35e9232abd9a78881e886849f49f9fef9f170b57eea25ba

    • SSDEEP

      384:dI2SUwXh0ZbAzlRGCvkodj46hgHK0hrV5mRvR6JZlbw8hqIusZzZEChEJlbz602c:CbhEkdvXRpcnuchEJVzcJAaOu0GG

    Score
    10/10
    njratsubway surfersevasionpersistencetrojan

    • njRAT/Bladabindi

      Widely used RAT written in .NET.

      trojannjrat

    • Executes dropped EXE

    • Modifies Windows Firewall

      evasion

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Drops startup file

    • Loads dropped DLL

    • Adds Run key to start application

      persistence
    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Modify Existing Service

1
T1031

Registry Run Keys / Startup Folder

1
T1060

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Query Registry

1
T1012

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks