Overview

overview

10

Static

static

10

203908fecf...0b.exe

windows7-x64

10

203908fecf...0b.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    203908fecf76e8f5b21ffb093cf2347eaf235fa2212e44bb023c9ee73ae6710b

  • Size

    23KB

  • Sample

    221126-kmv3mafb69

  • MD5

    ab076fa27a284d29152b8273a82b95b4

  • SHA1

    4bfa210f44c47050b0ff92ca7c76a4225edb9150

  • SHA256

    203908fecf76e8f5b21ffb093cf2347eaf235fa2212e44bb023c9ee73ae6710b

  • SHA512

    38940c5510fd4169057f5dfa3e54eef7683649a8cb84794772562317d8d947e9a6a16d781b79262eff6d3f408ac008b05767fe8354da100c9dedb0b4fde9609f

  • SSDEEP

    384:ScqbCK0l4h7o9SVyDGvENuh46/gJkOmMSW38mRvR6JZlbw8hqIusZzZYqA:F30py6vhxaRpcnuHb

Score
10/10
njratbotevasionpersistencetrojan

Malware Config

Extracted

Family

njrat

Version

0.7d

Botnet

Bot

C2

smuktnet.ddns.net:5552

Mutex

ae4562ec1d4d0afd82039ca2517bd6df

Attributes
  • reg_key

    ae4562ec1d4d0afd82039ca2517bd6df

  • splitter

    |'|'|

Targets

    • Target

      203908fecf76e8f5b21ffb093cf2347eaf235fa2212e44bb023c9ee73ae6710b

    • Size

      23KB

    • MD5

      ab076fa27a284d29152b8273a82b95b4

    • SHA1

      4bfa210f44c47050b0ff92ca7c76a4225edb9150

    • SHA256

      203908fecf76e8f5b21ffb093cf2347eaf235fa2212e44bb023c9ee73ae6710b

    • SHA512

      38940c5510fd4169057f5dfa3e54eef7683649a8cb84794772562317d8d947e9a6a16d781b79262eff6d3f408ac008b05767fe8354da100c9dedb0b4fde9609f

    • SSDEEP

      384:ScqbCK0l4h7o9SVyDGvENuh46/gJkOmMSW38mRvR6JZlbw8hqIusZzZYqA:F30py6vhxaRpcnuHb

    Score
    10/10
    njratbotevasionpersistencetrojan

    • njRAT/Bladabindi

      Widely used RAT written in .NET.

      trojannjrat

    • Executes dropped EXE

    • Modifies Windows Firewall

      evasion

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Loads dropped DLL

    • Adds Run key to start application

      persistence
    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Modify Existing Service

1
T1031

Registry Run Keys / Startup Folder

1
T1060

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Query Registry

1
T1012

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks