Overview

overview

10

Static

static

0b81958a6c...4d.exe

windows7-x64

10

0b81958a6c...4d.exe

windows10-2004-x64

10

Sharing

Copy URL Twitter E-mail

General

  • Target

    0b81958a6c8f0cd040e6df224c88f86e25c1313dad378e2260e17f0b840a034d

  • Size

    264KB

  • Sample

    221127-wp3q2acb2y

  • MD5

    82e7c96644d1bd19af36722b0e8980ae

  • SHA1

    fc222282765a32ae10d76b945e90b94e621d0904

  • SHA256

    0b81958a6c8f0cd040e6df224c88f86e25c1313dad378e2260e17f0b840a034d

  • SHA512

    e00e4d09a1dd96f9454fb44091e388be07e7d1930c7b9641042c8912f145869de88f0c3b279a6db3fd181e6755983c5ed42ec008827be67856b123e53253b48c

  • SSDEEP

    3072:lUMWTlFryAxdI13Wn1NDDr8n+bED1gx9xoatzxpWn:8hFrFeiXHY+bED1gH2atzX

Score
10/10
njrathackedevasiontrojan

Malware Config

Extracted

Family

njrat

Version

0.6.4

Botnet

HacKed

C2

dead666hacker.no-ip.biz:5553

Mutex

5cd8f17f4086744065eb0992a09e05a2

Attributes
  • reg_key

    5cd8f17f4086744065eb0992a09e05a2

  • splitter

    |'|'|

Targets

    • Target

      0b81958a6c8f0cd040e6df224c88f86e25c1313dad378e2260e17f0b840a034d

    • Size

      264KB

    • MD5

      82e7c96644d1bd19af36722b0e8980ae

    • SHA1

      fc222282765a32ae10d76b945e90b94e621d0904

    • SHA256

      0b81958a6c8f0cd040e6df224c88f86e25c1313dad378e2260e17f0b840a034d

    • SHA512

      e00e4d09a1dd96f9454fb44091e388be07e7d1930c7b9641042c8912f145869de88f0c3b279a6db3fd181e6755983c5ed42ec008827be67856b123e53253b48c

    • SSDEEP

      3072:lUMWTlFryAxdI13Wn1NDDr8n+bED1gx9xoatzxpWn:8hFrFeiXHY+bED1gH2atzX

    Score
    10/10
    njrathackedevasiontrojan

    • njRAT/Bladabindi

      Widely used RAT written in .NET.

      trojannjrat

    • Executes dropped EXE

    • Modifies Windows Firewall

      evasion

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Loads dropped DLL

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks