Overview

overview

10

Static

static

b817519eb3...1f.exe

windows7-x64

8

b817519eb3...1f.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    b817519eb346c3fa68f0180e01779c1f.exe

  • Size

    86KB

  • Sample

    221206-massvagg83

  • MD5

    b817519eb346c3fa68f0180e01779c1f

  • SHA1

    216a931546447127a9d81f200fb44516cf6d6db4

  • SHA256

    f2021ceca3639fbf45dbb56764465a1ec1211eed46e348d31dfa17344715253e

  • SHA512

    4c9cde63b722310df0650577c8118d42b10d12366737e44f6bfbd9a428686bd78776958d4b8b7f9d49ee2783af1ec1304da7400d5001eed10805f93cc74443ac

  • SSDEEP

    1536:UXYwc+0L/Z87cXVLoNJsGEpRnYR3oz/KFJSy6l15zdkNI1p3yA/Lq1cYgK:2vc+cy7cpoNJrEpJEowerkShLI

Score
10/10
njratevasionpersistencetrojan

Malware Config

Targets

    • Target

      b817519eb346c3fa68f0180e01779c1f.exe

    • Size

      86KB

    • MD5

      b817519eb346c3fa68f0180e01779c1f

    • SHA1

      216a931546447127a9d81f200fb44516cf6d6db4

    • SHA256

      f2021ceca3639fbf45dbb56764465a1ec1211eed46e348d31dfa17344715253e

    • SHA512

      4c9cde63b722310df0650577c8118d42b10d12366737e44f6bfbd9a428686bd78776958d4b8b7f9d49ee2783af1ec1304da7400d5001eed10805f93cc74443ac

    • SSDEEP

      1536:UXYwc+0L/Z87cXVLoNJsGEpRnYR3oz/KFJSy6l15zdkNI1p3yA/Lq1cYgK:2vc+cy7cpoNJrEpJEowerkShLI

    Score
    10/10
    evasionpersistencenjrattrojan

    • njRAT/Bladabindi

      Widely used RAT written in .NET.

      trojannjrat

    • Modifies Windows Firewall

      evasion

    • Drops startup file

    • Adds Run key to start application

      persistence
    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Modify Existing Service

1
T1031

Registry Run Keys / Startup Folder

1
T1060

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks