Overview

overview

10

Static

static

f249100f36...12.exe

windows7-x64

10

f249100f36...12.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    f249100f3605ab02c8eb67d9fbced3efcf573fa6d14067509419720062f77712

  • Size

    156KB

  • Sample

    221128-w1yapabd21

  • MD5

    8a82e2eeadc35797cce2693829faea6b

  • SHA1

    b72f2c193760316e460d72fa810733a071eb4a9b

  • SHA256

    f249100f3605ab02c8eb67d9fbced3efcf573fa6d14067509419720062f77712

  • SHA512

    a1324c7e38d34a1791f1928fcf04a7d68adcf0034a5f8587ea97ddf97a902f110f310824d7c01f8729c365824ed4abbe5bc37a0edc52f2e7fea1d9080965157b

  • SSDEEP

    3072:Wfsz/rx2+/PMBIqzdNdcxbBhlv3hXqBGsb0lEhaJiq1jtQAiZrmN:EsXxl/PMB9iTPxqIsbbhQ1yAr

Score
10/10
njratedddevasionpersistencetrojan

Malware Config

Extracted

Family

njrat

Version

0.7d

Botnet

eddd

C2

mike.blogsyte.com:9003

Mutex

d26a615b5b8cb345ade630f3f28a2b75

Attributes
  • reg_key

    d26a615b5b8cb345ade630f3f28a2b75

  • splitter

    |'|'|

Targets

    • Target

      f249100f3605ab02c8eb67d9fbced3efcf573fa6d14067509419720062f77712

    • Size

      156KB

    • MD5

      8a82e2eeadc35797cce2693829faea6b

    • SHA1

      b72f2c193760316e460d72fa810733a071eb4a9b

    • SHA256

      f249100f3605ab02c8eb67d9fbced3efcf573fa6d14067509419720062f77712

    • SHA512

      a1324c7e38d34a1791f1928fcf04a7d68adcf0034a5f8587ea97ddf97a902f110f310824d7c01f8729c365824ed4abbe5bc37a0edc52f2e7fea1d9080965157b

    • SSDEEP

      3072:Wfsz/rx2+/PMBIqzdNdcxbBhlv3hXqBGsb0lEhaJiq1jtQAiZrmN:EsXxl/PMB9iTPxqIsbbhQ1yAr

    Score
    10/10
    njratedddevasionpersistencetrojan

    • Modifies WinLogon for persistence

      persistence

    • njRAT/Bladabindi

      Widely used RAT written in .NET.

      trojannjrat

    • Drops file in Drivers directory

    • Modifies Windows Firewall

      evasion

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Winlogon Helper DLL

1
T1004

Modify Existing Service

1
T1031

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks