Overview

overview

10

Static

static

10

b62974737c...c1.exe

windows7-x64

10

b62974737c...c1.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    b62974737cde4fd82e8c918815ba5af11a4bb7c7b4af2d1680c88e5fcb77f1c1

  • Size

    1.2MB

  • Sample

    221128-xn29jshd38

  • MD5

    2938f0df9c213f6b72ad810dd344280c

  • SHA1

    51a6efa00cfd118fe2926bdae1ed941032693490

  • SHA256

    b62974737cde4fd82e8c918815ba5af11a4bb7c7b4af2d1680c88e5fcb77f1c1

  • SHA512

    d5d4f4e33a4a40b0a1482f973fc11ddf4c9dd06b04328e1cb1dd5cab341496e7f3fe2bf3560eac58224ed87ee783d075ab349e792ec97411420d4a2c6d1ac9e3

  • SSDEEP

    24576:RJ/Nr0n4WncacV5NBMwxVFLB+uoQxs2eBS:RPKGjNawxsbQpmS

Score
10/10
modiloadernjratte7chelou by xfackerevasionpersistencetrojan

Malware Config

Extracted

Family

njrat

Version

0.7d

Botnet

te7chelou by xfacker

C2

127.0.0.1:5552

Mutex

c633d68267ddc65598b821619897acab

Attributes
  • reg_key

    c633d68267ddc65598b821619897acab

  • splitter

    |'|'|

Targets

    • Target

      b62974737cde4fd82e8c918815ba5af11a4bb7c7b4af2d1680c88e5fcb77f1c1

    • Size

      1.2MB

    • MD5

      2938f0df9c213f6b72ad810dd344280c

    • SHA1

      51a6efa00cfd118fe2926bdae1ed941032693490

    • SHA256

      b62974737cde4fd82e8c918815ba5af11a4bb7c7b4af2d1680c88e5fcb77f1c1

    • SHA512

      d5d4f4e33a4a40b0a1482f973fc11ddf4c9dd06b04328e1cb1dd5cab341496e7f3fe2bf3560eac58224ed87ee783d075ab349e792ec97411420d4a2c6d1ac9e3

    • SSDEEP

      24576:RJ/Nr0n4WncacV5NBMwxVFLB+uoQxs2eBS:RPKGjNawxsbQpmS

    Score
    10/10
    njratte7chelou by xfackertrojanevasionpersistence

    • njRAT/Bladabindi

      Widely used RAT written in .NET.

      trojannjrat

    • Executes dropped EXE

    • Modifies Windows Firewall

      evasion

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Drops startup file

    • Loads dropped DLL

    • Adds Run key to start application

      persistence
    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Modify Existing Service

1
T1031

Registry Run Keys / Startup Folder

1
T1060

Privilege Escalation

Defense Evasion

Modify Registry

2
T1112

Install Root Certificate

1
T1130

Credential Access

Discovery

Query Registry

1
T1012

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks