Overview

overview

10

Static

static

2df351f2e7...aa.exe

windows7-x64

10

2df351f2e7...aa.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    2df351f2e7e6f1340f81c6431e88fb2b78f2eaefce58763e7bfd5214985aeaaa

  • Size

    356KB

  • Sample

    221126-2mqataeb5x

  • MD5

    779f561dc93adbf2b40e92ac374f7cf5

  • SHA1

    562ca1be06ff75f55893fa5472abbf7bb9fa6625

  • SHA256

    2df351f2e7e6f1340f81c6431e88fb2b78f2eaefce58763e7bfd5214985aeaaa

  • SHA512

    d1a3f889c6f60b49d07519ddc73f9108012c8e4b81a01328ac75400bd10888428fed84c81a32da3ff00644e3149ba8ad4fd9720d2bb4c0819619e9f9f2069501

  • SSDEEP

    6144:9LM3L6hWtnvqI6vzkGTxapOEBqa5tXc8s:hMbaWtn6vzkYmVjC8s

Score
10/10
njratfbautoliker103evasionpersistencetrojan

Malware Config

Extracted

Family

njrat

Version

0.7d

Botnet

FBautoliker103

C2

182.191.88.102:5555

Mutex

246bc91174535f2c90a8931dec64f396

Attributes
  • reg_key

    246bc91174535f2c90a8931dec64f396

  • splitter

    |'|'|

Targets

    • Target

      2df351f2e7e6f1340f81c6431e88fb2b78f2eaefce58763e7bfd5214985aeaaa

    • Size

      356KB

    • MD5

      779f561dc93adbf2b40e92ac374f7cf5

    • SHA1

      562ca1be06ff75f55893fa5472abbf7bb9fa6625

    • SHA256

      2df351f2e7e6f1340f81c6431e88fb2b78f2eaefce58763e7bfd5214985aeaaa

    • SHA512

      d1a3f889c6f60b49d07519ddc73f9108012c8e4b81a01328ac75400bd10888428fed84c81a32da3ff00644e3149ba8ad4fd9720d2bb4c0819619e9f9f2069501

    • SSDEEP

      6144:9LM3L6hWtnvqI6vzkGTxapOEBqa5tXc8s:hMbaWtn6vzkYmVjC8s

    Score
    10/10
    njratfbautoliker103evasionpersistencetrojan

    • njRAT/Bladabindi

      Widely used RAT written in .NET.

      trojannjrat

    • Executes dropped EXE

    • Modifies Windows Firewall

      evasion

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Drops startup file

    • Loads dropped DLL

    • Adds Run key to start application

      persistence

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Modify Existing Service

1
T1031

Registry Run Keys / Startup Folder

1
T1060

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Query Registry

1
T1012

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks