General

  • Target

    868ef975f2fce5e2058a7097ea6dd3c2bb21a56a8d59207033319eb4a4259788

  • Size

    999KB

  • Sample

    221127-s9k5yadc8x

  • MD5

    6a64f58c435d14c0321158f786e9f678

  • SHA1

    569ac424bfc990ae89befdb160eaaf2eb00ac630

  • SHA256

    868ef975f2fce5e2058a7097ea6dd3c2bb21a56a8d59207033319eb4a4259788

  • SHA512

    ea93c57fb06fe229a402ad90d03354faf648a501de467c148bbdaa48ad9663a8c6c6103ec2f3db367014e1e693ea9087f7bd168b4f0cfbe240d9060701ed3dad

  • SSDEEP

    24576:Xtb20pkaCqT5TBWgNQ7axv9i3d/soW6A:UVg5tQ7axI3eP5

Malware Config

Extracted

Family

njrat

Version

0.7d

Botnet

HaCkEd

C2

njrat-serv.ddns.net:1177

Mutex

a2b2eed38adf2ef6969163ed40a2f666

Attributes
  • reg_key

    a2b2eed38adf2ef6969163ed40a2f666

  • splitter

    |'|'|

Targets

    • njRAT/Bladabindi

      Widely used RAT written in .NET.

    • Executes dropped EXE

    • Modifies Windows Firewall

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Loads dropped DLL

    • Adds Run key to start application
