General

  • Target

    8832940373.zip

  • Size

    38KB

  • Sample

    230122-3l31yscb2s

  • MD5

    d6e4e053c4b010e73150c9a8d1d3ee0c

  • SHA1

    6dfd0f7b6ab6978d41dae05c1db40f5ab369f532

  • SHA256

    018a3a5163333ffffdcd6d1d65be2d3896a17f904716b2f6f95716ec7428abc1

  • SHA512

    edcdf35c9af6b986ccd0a671ce931ea5daffcd154844641743c95377ea0851790ac3640e417a9795b4e726351d6eda2a88214e276d1ec44460023d05bbf64910

  • SSDEEP

    768:lKk9r4VTg0/hIK+P0nHZBDJp2TKkhZHTUros3ufEWCUkOg5uPfxLQByhJOfL8:lFcO0/hIK+cHZxzeZHTW73ufENUkOgoJ

Malware Config

Extracted

Family

njrat

Version

v2.0

Botnet

2525252525252525

C2

2525.libya2020.com.ly:2525

Mutex

Windows

Attributes
  • reg_key

    Windows

  • splitter

    |-F-|

Targets

    • Target

      f843b206655a34d936989941f9d6e967435ea9d1d19b502b8e30948ba5cc1b14

    • Size

      100KB

    • MD5

      11eca7330044f41bbcd5e140ff0a7fb5

    • SHA1

      9ab3b80a05c2ed5c585748423bd56ad9b59ff63f

    • SHA256

      f843b206655a34d936989941f9d6e967435ea9d1d19b502b8e30948ba5cc1b14

    • SHA512

      5130b4e90af5c9872f80deaea96088fff9822caf6fb2e286aa11b0756d4a1007e260215d3b7aa9b8cd7644909b2a7ff07a7750f54e7ec064c59dd9b4d00bbc56

    • SSDEEP

      1536:RZlZSkyJaVIg/+QZsHXGwrAfKYSh5fmv1xqvg:RYg

    • njRAT/Bladabindi

      Widely used RAT written in .NET.

    • Drops startup file

    • Suspicious use of SetThreadContext

Tasks