General

  • Target

    FR4UDS SMTP CRACKER & CHECKER WITH PROXY SCRAPER.zip

  • Size

    57.0MB

  • Sample

    230317-t6vqmsbb7z

  • MD5

    cccb78192f1eb33338b8774bcffc81c5

  • SHA1

    1b3b90d4d28d3e4622e4b5322060c7402ef9d3b6

  • SHA256

    508f09d617bdc253cd56b8a4a8cba65f87c21f7054da0963fc90dce621554640

  • SHA512

    a9c923a83e5f2a4a518e428d0d27566ab22e0f797699f4c8cdc11d5c4151ab3e4c2f07bf2181beac6fa90421d66b1f9fdc61ffeeddc1a8f5c1a2d90889756249

  • SSDEEP

    1572864:NXG9h6gt2BQlj6W0FjZnVfulOaszYN8qTbTVGanZ5RTC1TdPQ/:NXGX6gt3lF05pVfuz3xNZ5Re/PQ/

Malware Config

Extracted

  • Family

    njrat

  • Version

    0.7d

  • Botnet

    HacKed

  • C2

    blog.hackcrack.io:8082

  • Mutex

    Windows Explorer

  • Attributes

    • reg_key

      Windows Explorer

    • splitter

      |'|'|

Targets

    • Target

      FR4UDS SMTP CRACKER & CHECKER WITH PROXY SCRAPER/1-FR4UDS-SMTP-CRACKER.exe

    • Size

      8.0MB

    • MD5

      8c2e387d03003208159150b5a3fbf908

    • SHA1

      bbe27e3fdd524f10370f4128ec6378e00731177c

    • SHA256

      0d96485a2133755f94266b331a292d0427940d6e7dd30ac179f4a81cada01e35

    • SHA512

      d9bde61482e7f59d96ac0f3e96eb40d16076400df9503e8bfaea76dc7b7c452021ad2985a2196c3f11f38c35e9ba330743ceef01c75a8579cfd1ce7baa6aba04

    • SSDEEP

      196608:xnPxCsXDjDyf6L2WliXYrHW1L4jFbXMJXHdFVhcdty:tPxCEDVL2ciIrHWRIbXMJtGdt

    • njRAT/Bladabindi

      Widely used RAT written in .NET.

    • Modifies Windows Firewall

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Drops desktop.ini file(s)

    • Suspicious use of SetThreadContext

    • Target

      FR4UDS SMTP CRACKER & CHECKER WITH PROXY SCRAPER/2-FR4UDS-SMTP-CHECKER.exe

    • Size

      6.5MB

    • MD5

      a9765f71038a71fa9ef4d94fa75a17cd

    • SHA1

      ea68c59bdc71e94a30339a0fb670b42fea06300e

    • SHA256

      ddd539428d1b3f9963509807dc6eebdf57dc3490f1a100abc535c441a3605ac3

    • SHA512

      96482b306eefef07dc1412d10efa3630a8231f9909965cbf4f2fa22c687acf98dd2e21f69ae227a88b214cb985df85c051733d1b8f7048ad39511dfeee8b1791

    • SSDEEP

      196608:c1PmCsXDjDyf6L2WliXYrHW1L0yFKQaGFSO:CPmCEDVL2ciIrHWRxKQac

    • Score

      7/10

    • Loads dropped DLL

    • Target

      FR4UDS SMTP CRACKER & CHECKER WITH PROXY SCRAPER/__pycache__/FR4UDS.cpython-39.pyc

    • Size

      25KB

    • MD5

      417d92e073b9745eb480955d01e51551

    • SHA1

      a383ea24cf107743f8a09a672bc1e01b66582519

    • SHA256

      9d0d06782fdee2bbedae5837cca3e7d6c9d31f49013c4b35a2f87d6e93d2d9e2

    • SHA512

      d4c261bb68763fffc07a200c60410f4e3a6ab7234de235dfbf3c911b15e06b319393a1fa02a28ab48f3419925cae9f3af8b913b75302f0c08e4be84c00c7411a

    • SSDEEP

      384:itswZKvOC9o7tTxXrbBTB9NW9VfkbENKN16T/AB+ZhreU9Tze:i6rmVx7tTMt+sT/AB+ZpeU9Tze

    • Score

      1/10

    • Target

      FR4UDS SMTP CRACKER & CHECKER WITH PROXY SCRAPER/installation.bat

    • Size

      55B

    • MD5

      6566762c11c78c3174347ea5d9e8d722

    • SHA1

      0d60f222997c351744c01537188a477087a08077

    • SHA256

      ea7665ad2c0be32c18ce0d2155f0c51487bbdc1fd6e9ae83617977b42330ecd1

    • SHA512

      e9f08637d7df7f106030d0ead0d0b02ab9b77197bf16d9a0fffd7e10532ca872ebeb9949d4100f7567256ac91efc67cf8bf0404afbc7cd08bd3acf245c4fa1f7

    • Score

      1/10

    • Target

      FR4UDS SMTP CRACKER & CHECKER WITH PROXY SCRAPER/various/smtp.vbs

    • Size

      62KB

    • MD5

      ad077b50e620fc0b715f423aef6a51ae

    • SHA1

      05a7a3ab1788598673679b94c7ade8c7bb4d05ae

    • SHA256

      b4f286bc808ca2099328f599d503550f8cfd283162a55e6f106664baf5bc6f06

    • SHA512

      a0c17fbdd58949886673d1f5ca31ad049c4ec5911610f039176fa349aba317f12e073f24a478aff811bdc1772e9ce4b198a96eb935760a5a357654dd5754e24d

    • SSDEEP

      1536:oyt+ecUFsGGHKr8UOpk4tatxwf86qYGYNm:oy8lUiY1lCGom

    • Score

      3/10

MITRE ATT&CK Matrix (ATT&CK v6)

  • Persistence

    Modify Existing Service (1) T1031

    Registry Run Keys / Startup Folder (1) T1060

  • Defense Evasion

    Modify Registry (1) T1112

  • Discovery

    System Information Discovery (2) T1082

Tasks