Overview

overview

10

Static

static

533008fd9f...20.exe

windows7-x64

10

533008fd9f...20.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    533008fd9fc41cca25323f7d2df21e0dfe666501523c95a0e14f178469095e20

  • Size

    474KB

  • Sample

    221130-twp3eaab61

  • MD5

    aa6b20b8eb7cd91e35570f32de56cdd9

  • SHA1

    422298e0c103218cea13d9d4fd54108e0ce95a5f

  • SHA256

    533008fd9fc41cca25323f7d2df21e0dfe666501523c95a0e14f178469095e20

  • SHA512

    0cb750429a3653bbba1c42a5f46f824582ac5e81053aba1ea1411e88cb1687423a16d07891feb53da6544d7e3a60f38f019045d8d34d32db7ed477503017373a

  • SSDEEP

    6144:dyoSa8koKuXg+50V8xOwcFl3E37lsuvqodQYyJ:dUabohyV8xOwcHU37euSe

Score
10/10
njrathacked by hidden personevasionpersistencetrojan

Malware Config

Extracted

Family

njrat

Botnet

Hacked By HiDDen PerSOn

Mutex

f271907620892e23e0670e3ebb701d01

Attributes
  • reg_key

    f271907620892e23e0670e3ebb701d01

Targets

    • Target

      533008fd9fc41cca25323f7d2df21e0dfe666501523c95a0e14f178469095e20

    • Size

      474KB

    • MD5

      aa6b20b8eb7cd91e35570f32de56cdd9

    • SHA1

      422298e0c103218cea13d9d4fd54108e0ce95a5f

    • SHA256

      533008fd9fc41cca25323f7d2df21e0dfe666501523c95a0e14f178469095e20

    • SHA512

      0cb750429a3653bbba1c42a5f46f824582ac5e81053aba1ea1411e88cb1687423a16d07891feb53da6544d7e3a60f38f019045d8d34d32db7ed477503017373a

    • SSDEEP

      6144:dyoSa8koKuXg+50V8xOwcFl3E37lsuvqodQYyJ:dUabohyV8xOwcHU37euSe

    Score
    10/10
    njrathacked by hidden personevasionpersistencetrojan

    • njRAT/Bladabindi

      Widely used RAT written in .NET.

      trojannjrat

    • Executes dropped EXE

    • Modifies Windows Firewall

      evasion

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Drops startup file

    • Loads dropped DLL

    • Adds Run key to start application

      persistence

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Modify Existing Service

1
T1031

Registry Run Keys / Startup Folder

1
T1060

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Query Registry

1
T1012

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks