General

  • Target

    397fe69c6f669d43adc8b86f4e15137ab63d21242a14ece25f0c965ae8e62ae5

  • Size

    23KB

  • Sample

    221125-ztcbeshf2z

  • MD5

    e91d5385e4db5e1c27604744a732856c

  • SHA1

    46d5fe017fad0777a8e31cc88c31cd257c454345

  • SHA256

    397fe69c6f669d43adc8b86f4e15137ab63d21242a14ece25f0c965ae8e62ae5

  • SHA512

    bdf742c442965b20f7a0663f69598a769d51cf43eda3b17f2e9bc49dc9facef9b4651db03b03a721b84fdf928c41f955ef3fe4b693d7e87f9d5fb3754a87fafb

  • SSDEEP

    384:YY324bcgPiJLQrfARGSRUJsbY6ZgvSMBD3t8mRvR6JZlbw8hqIusZzZ4bN:nL2s+tRyRpcnuX5

Malware Config

Extracted

Family

njrat

Version

0.7d

Botnet

HacKed

C2

37.107.184.236:5552

Mutex

c17be68626782762eb9356dbc05af059

Attributes
  • reg_key

    c17be68626782762eb9356dbc05af059

  • splitter

    |'|'|

Targets

    • njRAT/Bladabindi

      Widely used RAT written in .NET.

    • Executes dropped EXE

    • Modifies Windows Firewall

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Loads dropped DLL
