Overview

overview

10

Static

static

10

bHFx.exe

windows7-x64

10

bHFx.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    bHFx.exe

  • Size

    25KB

  • Sample

    221206-fb9dnacd81

  • MD5

    670f19e1086c223bd3202424633fbaa5

  • SHA1

    66e805de53d9d0295d15b2ba155d642b899a83bf

  • SHA256

    e39d341d68706a30f3573e29f69c70109789546fafad1471c89c719a9d8f00c9

  • SHA512

    3ef5f4fb19e7105032e6655ada3df3a170f3087ab1d09d3d92bb1b3a77463d461c9d5f6d9f614c85c0d84ee5230d73adf47331f6a14fd041775b852c8d4b3b14

  • SSDEEP

    384:9LhzkaJcPknNlxlehKNOYUikkdIVYlvM3iY2OzRLTm3yilqq6xNUtVvZ:tK0cu3reOELGlvqisFmVvZ

Score
10/10
njrathackedtrojan

Malware Config

Extracted

Family

njrat

Version

0.7d By Pjoao1578

Botnet

HacKed

C2

https://pastebin.com/raw/WKEdYjeM:7000

Mutex

6a2634340fbf8a0a2c038c6263d49fd1

Attributes
  • reg_key

    6a2634340fbf8a0a2c038c6263d49fd1

  • splitter

    |'|'|

Targets

    • Target

      bHFx.exe

    • Size

      25KB

    • MD5

      670f19e1086c223bd3202424633fbaa5

    • SHA1

      66e805de53d9d0295d15b2ba155d642b899a83bf

    • SHA256

      e39d341d68706a30f3573e29f69c70109789546fafad1471c89c719a9d8f00c9

    • SHA512

      3ef5f4fb19e7105032e6655ada3df3a170f3087ab1d09d3d92bb1b3a77463d461c9d5f6d9f614c85c0d84ee5230d73adf47331f6a14fd041775b852c8d4b3b14

    • SSDEEP

      384:9LhzkaJcPknNlxlehKNOYUikkdIVYlvM3iY2OzRLTm3yilqq6xNUtVvZ:tK0cu3reOELGlvqisFmVvZ

    Score
    10/10
    njrathackedtrojan

    • njRAT/Bladabindi

      Widely used RAT written in .NET.

      trojannjrat

    • Legitimate hosting services abused for malware hosting/C2

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Install Root Certificate

1
T1130

Modify Registry

1
T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Web Service

1
T1102

Impact

Tasks