Overview

overview

10

Static

static

7

Quotation.pdf.exe

windows7-x64

10

Quotation.pdf.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    Quotation.pdf.exe

  • Size

    229KB

  • Sample

    230406-g4bhrsdf5t

  • MD5

    b73b5d482e753f160b3d20f4773ae948

  • SHA1

    7886189a0573de3a0558290b03935856bbfa1f29

  • SHA256

    19e95f9db29b995c1b9087fa81469adff0dc88c6ca58fae1d8193c5c5712614c

  • SHA512

    1b8aac45e90dbc34b03283cbd343327f22e480c9a649ff8fcc64b6741098bc5454c9b12d12c8bfbba0e73e96a3827aa6b66693b6ace6157b3c0c1e5ce4e92d25

  • SSDEEP

    3072:I9t2iLK6JG6x3cf6bX2jQaLP6FehXBy0o51itud4DSqE9jeAZwFMjyiVC0gAm6:IPPlJG6xxbcz64Py0O12udoEUA5I

Score
10/10
njrathackedevasionpersistencetrojan

Malware Config

Extracted

Family

njrat

Version

0.7d

Botnet

HacKed

C2

109.206.243.59:4444

Mutex

167d229cd9c981018cf48a214b56b50d

Attributes
  • reg_key

    167d229cd9c981018cf48a214b56b50d

  • splitter

    |'|'|

Targets

    • Target

      Quotation.pdf.exe

    • Size

      229KB

    • MD5

      b73b5d482e753f160b3d20f4773ae948

    • SHA1

      7886189a0573de3a0558290b03935856bbfa1f29

    • SHA256

      19e95f9db29b995c1b9087fa81469adff0dc88c6ca58fae1d8193c5c5712614c

    • SHA512

      1b8aac45e90dbc34b03283cbd343327f22e480c9a649ff8fcc64b6741098bc5454c9b12d12c8bfbba0e73e96a3827aa6b66693b6ace6157b3c0c1e5ce4e92d25

    • SSDEEP

      3072:I9t2iLK6JG6x3cf6bX2jQaLP6FehXBy0o51itud4DSqE9jeAZwFMjyiVC0gAm6:IPPlJG6xxbcz64Py0O12udoEUA5I

    Score
    10/10
    njrathackedevasionpersistencetrojan

    • njRAT/Bladabindi

      Widely used RAT written in .NET.

      trojannjrat

    • Modifies Windows Firewall

      evasion

    • .NET Reactor proctector

      Detects an executable protected by an unregistered version of Eziriz's .NET Reactor.

    • Adds Run key to start application

      persistence

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Modify Existing Service

1
T1031

Registry Run Keys / Startup Folder

1
T1060

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks