Overview

overview

10

Static

static

2e7e753f3c...f2.exe

windows7-x64

10

2e7e753f3c...f2.exe

windows10-2004-x64

8

Sharing

Copy URL
Twitter E-mail

General

  • Target

    2e7e753f3cd6d7e363ec302d09eded0548b5d54e53b67bf0ff8c275c772e8ef2

  • Size

    19KB

  • Sample

    221204-s6kd8sce77

  • MD5

    1b2f439fa72d529f7566399ee1f37f50

  • SHA1

    78366821e311104f1e6c994b659d7e0469076bed

  • SHA256

    2e7e753f3cd6d7e363ec302d09eded0548b5d54e53b67bf0ff8c275c772e8ef2

  • SHA512

    5bcfe0dbaf5c0d869d8e9d1d10199006b2a82c3779d7ae1ee3f99f0d427ffdb534df39b2765e31146e9f273fd808d003a7ee29ab1961f3517f89f77540b0dd33

  • SSDEEP

    384:XSnwCNMB4mmK0Nd02ax4yfG1uJKTzg0kkp:invNMD0d0z4yfG1chkp

Score
10/10
njratahmedevasionpersistencetrojan

Malware Config

Extracted

Family

njrat

Version

0.6.4

Botnet

AhMeD

C2

a3b4.no-ip.org:1188

Mutex

d5a38e9b5f206c41f8851bf04a251d26

Attributes
  • reg_key

    d5a38e9b5f206c41f8851bf04a251d26

  • splitter

    |'|'|

Targets

    • Target

      2e7e753f3cd6d7e363ec302d09eded0548b5d54e53b67bf0ff8c275c772e8ef2

    • Size

      19KB

    • MD5

      1b2f439fa72d529f7566399ee1f37f50

    • SHA1

      78366821e311104f1e6c994b659d7e0469076bed

    • SHA256

      2e7e753f3cd6d7e363ec302d09eded0548b5d54e53b67bf0ff8c275c772e8ef2

    • SHA512

      5bcfe0dbaf5c0d869d8e9d1d10199006b2a82c3779d7ae1ee3f99f0d427ffdb534df39b2765e31146e9f273fd808d003a7ee29ab1961f3517f89f77540b0dd33

    • SSDEEP

      384:XSnwCNMB4mmK0Nd02ax4yfG1uJKTzg0kkp:invNMD0d0z4yfG1chkp

    Score
    10/10
    njratahmedevasionpersistencetrojan

    • njRAT/Bladabindi

      Widely used RAT written in .NET.

      trojannjrat

    • Executes dropped EXE

    • Modifies Windows Firewall

      evasion

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Adds Run key to start application

      persistence
    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Modify Existing Service

1
T1031

Registry Run Keys / Startup Folder

1
T1060

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Query Registry

1
T1012

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks