Overview

overview

10

Static

static

10

bK5A.exe

windows7-x64

10

bK5A.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    bK5A.exe

  • Size

    23KB

  • Sample

    230316-hzmkxahf26

  • MD5

    a55ad693e9909eab198f2f873939ba6f

  • SHA1

    28af68d8abcecf08c677449892ca5434a73ccb9f

  • SHA256

    27d7942099c932c0091ae518341193d28d06ac7b5efe0b548499be25217f046f

  • SHA512

    5ce2be5c0363d4e051c20e33f7bee8314d477fcb8348a760147ef5021112aa526ae8ed7e4e23c70e9b54808a6fdad64cfba058e5342f39a1908f220a1ed08f2f

  • SSDEEP

    384:H+n2650N3qZbATcjRGC5Eo9D46BgnqUhay1ZmRvR6JZlbw8hqIusZzZbP:gm+71d5XRpcnuo

Score
10/10
njrathackedevasiontrojan

Malware Config

Extracted

Family

njrat

Version

0.7d

Botnet

HacKed

C2

7.tcp.eu.ngrok.io:10930

Mutex

9e1d76f980dcbeb3169aabd93be87618

Attributes
  • reg_key

    9e1d76f980dcbeb3169aabd93be87618

  • splitter

    |'|'|

Targets

    • Target

      bK5A.exe

    • Size

      23KB

    • MD5

      a55ad693e9909eab198f2f873939ba6f

    • SHA1

      28af68d8abcecf08c677449892ca5434a73ccb9f

    • SHA256

      27d7942099c932c0091ae518341193d28d06ac7b5efe0b548499be25217f046f

    • SHA512

      5ce2be5c0363d4e051c20e33f7bee8314d477fcb8348a760147ef5021112aa526ae8ed7e4e23c70e9b54808a6fdad64cfba058e5342f39a1908f220a1ed08f2f

    • SSDEEP

      384:H+n2650N3qZbATcjRGC5Eo9D46BgnqUhay1ZmRvR6JZlbw8hqIusZzZbP:gm+71d5XRpcnuo

    Score
    10/10
    njrathackedevasiontrojan

    • njRAT/Bladabindi

      Widely used RAT written in .NET.

      trojannjrat

    • Modifies Windows Firewall

      evasion

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Legitimate hosting services abused for malware hosting/C2

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Modify Existing Service

1
T1031

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1
T1012

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Web Service

1
T1102

Impact

Tasks