Overview

overview

10

Static

static

10

Backdoor.M...nt.exe

windows7-x64

8

Backdoor.M...nt.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    Backdoor.MSIL.Agent.jdt-72fd107044ae159a7a80813fe902a132f12eedd01c63fd9e506cf05e088e7491

  • Size

    89KB

  • Sample

    221229-sx43aagf2s

  • MD5

    f54eea2b9a7c0259b87a5303a526d818

  • SHA1

    641fcc96b0e288f7c5b1d0b94d6be1be2939e38e

  • SHA256

    72fd107044ae159a7a80813fe902a132f12eedd01c63fd9e506cf05e088e7491

  • SHA512

    36d1fb8553f454b1edbd719d4805e3d120b243960fb82ff640e52e3d3c9710a8761128079f981da011ad931c1117c0d7317f051bd4fd71a5bad93b7862dafde5

  • SSDEEP

    384:W8aZYC9twBNdcvFaly2H0dbJo6HghcASEJqc/ZmRvR6JZlbw8hqIusZzZVPe+8tp:AY+sNKqNHnSdRpcnu+REgTK

Score
10/10
njratlow3nevasionpersistencetrojan

Malware Config

Extracted

Family

njrat

Version

0.7d

Botnet

Low3n

C2

192.168.100.58:443

Mutex

e4c7f2e5b82fac0d624ab661f39b28fa

Attributes
  • reg_key

    e4c7f2e5b82fac0d624ab661f39b28fa

  • splitter

    |'|'|

Targets

    • Target

      Backdoor.MSIL.Agent.jdt-72fd107044ae159a7a80813fe902a132f12eedd01c63fd9e506cf05e088e7491

    • Size

      89KB

    • MD5

      f54eea2b9a7c0259b87a5303a526d818

    • SHA1

      641fcc96b0e288f7c5b1d0b94d6be1be2939e38e

    • SHA256

      72fd107044ae159a7a80813fe902a132f12eedd01c63fd9e506cf05e088e7491

    • SHA512

      36d1fb8553f454b1edbd719d4805e3d120b243960fb82ff640e52e3d3c9710a8761128079f981da011ad931c1117c0d7317f051bd4fd71a5bad93b7862dafde5

    • SSDEEP

      384:W8aZYC9twBNdcvFaly2H0dbJo6HghcASEJqc/ZmRvR6JZlbw8hqIusZzZVPe+8tp:AY+sNKqNHnSdRpcnu+REgTK

    Score
    10/10
    evasionpersistencenjrattrojan

    • njRAT/Bladabindi

      Widely used RAT written in .NET.

      trojannjrat

    • Modifies Windows Firewall

      evasion

    • Drops startup file

    • Adds Run key to start application

      persistence
    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Modify Existing Service

1
T1031

Registry Run Keys / Startup Folder

1
T1060

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks