Overview

overview

10

Static

static

10

bK97.exe

windows7-x64

8

bK97.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    bK97.exe

  • Size

    23KB

  • Sample

    230318-ep8hvabb75

  • MD5

    b34802dba5ce54b363ef217a48b6b9d1

  • SHA1

    ee3f242b86d3b07b8fc36f9330719296465db856

  • SHA256

    5bd47252eb9d1cdb54c533f45946c48d9ecbcba512336e7ee137953349757ff3

  • SHA512

    b87cc719377931a36e49394494095efcdc567789374852f053e4674347f5ae65dc561842fc322cf0b4f7549ca5bac64fd22ca3e1d03cfb02e78d0986c847a86b

  • SSDEEP

    384:woWtkEwn65rgjAsGipk55D16xgXakhbZD0mRvR6JZlbw8hqIusZzZM3:/7O89p2rRpcnul

Score
10/10
njrathackedevasiontrojan

Malware Config

Extracted

Family

njrat

Version

0.7d

Botnet

HacKed

C2

0.tcp.ngrok.io:17506

Mutex

db4fd7d140aa221059113328d0539f84

Attributes
  • reg_key

    db4fd7d140aa221059113328d0539f84

  • splitter

    |'|'|

Targets

    • Target

      bK97.exe

    • Size

      23KB

    • MD5

      b34802dba5ce54b363ef217a48b6b9d1

    • SHA1

      ee3f242b86d3b07b8fc36f9330719296465db856

    • SHA256

      5bd47252eb9d1cdb54c533f45946c48d9ecbcba512336e7ee137953349757ff3

    • SHA512

      b87cc719377931a36e49394494095efcdc567789374852f053e4674347f5ae65dc561842fc322cf0b4f7549ca5bac64fd22ca3e1d03cfb02e78d0986c847a86b

    • SSDEEP

      384:woWtkEwn65rgjAsGipk55D16xgXakhbZD0mRvR6JZlbw8hqIusZzZM3:/7O89p2rRpcnul

    Score
    10/10
    evasionnjrattrojan

    • njRAT/Bladabindi

      Widely used RAT written in .NET.

      trojannjrat

    • Modifies Windows Firewall

      evasion

    • Legitimate hosting services abused for malware hosting/C2

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Modify Existing Service

1
T1031

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Web Service

1
T1102

Impact

Tasks