Overview

overview

10

Static

static

10

a7a1f3e3bf...7e.exe

windows7-x64

10

a7a1f3e3bf...7e.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    123acf74540b652a549c5d664b627663.bin

  • Size

    34KB

  • Sample

    230321-bc4gksaa81

  • MD5

    fccdcfd62913eda3ec2829e9d1d9bd5d

  • SHA1

    b7979904e4915c0897e7b8d03208241defb8b627

  • SHA256

    67f59214bb644115f11242a0b92a8ab08d2c9553b48fca7a4834d157eb04a074

  • SHA512

    d48787b80adcec81967c937ea7432ad19483330edf16426fcbe830f3fd64ade6939e5beb21c9956394c750b45d477b7ff1c2b347df69c537ff7aeec38d111fc8

  • SSDEEP

    768:mTFuLHuTVMeOAOHGMETEOHEG2ZJBZMl3uivEqqXVro4GA:m06TrOAOHGXXHEG8cbtqlsfA

Score
10/10
njrathackedevasiontrojan

Malware Config

Extracted

Family

njrat

Version

0.7d

Botnet

HacKed

C2

YXJ0LW5vdmVsdHkuYXQucGx5Lmdn:MjU1NjU=

Mutex

8a45c8c850efba42d799d8b1b94ad051

Attributes
  • reg_key

    8a45c8c850efba42d799d8b1b94ad051

  • splitter

    |'|'|

Targets

    • Target

      a7a1f3e3bfc8abc1006276f3cb3bdaa1ff697b9fde421d6d2a181165db11377e.exe

    • Size

      93KB

    • MD5

      123acf74540b652a549c5d664b627663

    • SHA1

      57a8230ac3fa6fe42a563c3355aa0512f4939098

    • SHA256

      a7a1f3e3bfc8abc1006276f3cb3bdaa1ff697b9fde421d6d2a181165db11377e

    • SHA512

      95a94265a64087fe37e22d47a8f11499a036f9f8d949d83f86ac1af02267c83765c5bdc1ab53cb4ee9ed7db41bda854b2ee9931611a82e911e0b5317a44d1c19

    • SSDEEP

      768:rY30UBnkpjTMpALPGMtsas88EtNXhe9Y1mxCXxrjEtCdnl2pi1Rz4Rk3asGdpxgM:lURkVbPGHz88EbB1pjEwzGi1dDWDxgS

    Score
    10/10
    njrathackedevasiontrojan

    • njRAT/Bladabindi

      Widely used RAT written in .NET.

      trojannjrat

    • Modifies Windows Firewall

      evasion

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Modify Existing Service

1
T1031

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1
T1012

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks