Overview

overview

10

Static

static

10

1cc1c1281b...d3.exe

windows7-x64

10

1cc1c1281b...d3.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    1cc1c1281b0adbcd8d4ab94e2b4f3083a3dc7455e3e49cd19cd460185b3885d3

  • Size

    23KB

  • Sample

    221127-t3139aca37

  • MD5

    9e718fd98508a1e92592ab67b9e12377

  • SHA1

    62df73b0a63959e1c0baf7af58cbeff4a1e2860a

  • SHA256

    1cc1c1281b0adbcd8d4ab94e2b4f3083a3dc7455e3e49cd19cd460185b3885d3

  • SHA512

    4b67d5e7104956154e889fc06353286a8c78365c29f225df81e9081a6afa77ad3237a9e473561a34c02029d199b80eb6512c2cd961b235ce81d6d439d44a9b2e

  • SSDEEP

    384:fST2x0W3qZN2ATtRGCfCo9D46BgnqUhL1ZmRvR6JZlbw8hqIusZzZmK:fth+rdfpRpcnuC

Score
10/10
njrathacked by omar moraevasionpersistencetrojan

Malware Config

Extracted

Family

njrat

Version

0.7d

Botnet

HacKed By Omar Mora

C2

mora333.ddns.net:5552

Mutex

2b29df679f5c6b293763f5b4e411b491

Attributes
  • reg_key

    2b29df679f5c6b293763f5b4e411b491

  • splitter

    |'|'|

Targets

    • Target

      1cc1c1281b0adbcd8d4ab94e2b4f3083a3dc7455e3e49cd19cd460185b3885d3

    • Size

      23KB

    • MD5

      9e718fd98508a1e92592ab67b9e12377

    • SHA1

      62df73b0a63959e1c0baf7af58cbeff4a1e2860a

    • SHA256

      1cc1c1281b0adbcd8d4ab94e2b4f3083a3dc7455e3e49cd19cd460185b3885d3

    • SHA512

      4b67d5e7104956154e889fc06353286a8c78365c29f225df81e9081a6afa77ad3237a9e473561a34c02029d199b80eb6512c2cd961b235ce81d6d439d44a9b2e

    • SSDEEP

      384:fST2x0W3qZN2ATtRGCfCo9D46BgnqUhL1ZmRvR6JZlbw8hqIusZzZmK:fth+rdfpRpcnuC

    Score
    10/10
    njrathacked by omar moraevasionpersistencetrojan

    • njRAT/Bladabindi

      Widely used RAT written in .NET.

      trojannjrat

    • Executes dropped EXE

    • Modifies Windows Firewall

      evasion

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Drops startup file

    • Loads dropped DLL

    • Adds Run key to start application

      persistence
    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Modify Existing Service

1
T1031

Registry Run Keys / Startup Folder

1
T1060

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Query Registry

1
T1012

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks