Resubmissions

25-04-2023 20:24

230425-y64qrsef6z 10

25-04-2023 20:21

230425-y47pmsef5y 10

General

  • Target

    sms.exe

  • Size

    9.6MB

  • Sample

    230425-y64qrsef6z

  • MD5

    139763e38f11cee5331a742013d70b7a

  • SHA1

    6105a21e8e87b8d630c2954875dc9ad5307659e2

  • SHA256

    9d4c6f838ce6d86d7975d59dbd6158120503b4c247fbb20cad64d44eacdfe8a5

  • SHA512

    227632adabfdb48939226e56ae77dd6bdd3f3c25d9f019a82f1e695b7fdad8cd3bf484387b9e076cffee8170e21ec5184b8642289add9cf3343cd34ad02587ca

  • SSDEEP

    196608:YtseIs9onJ5hrZERlyiU8AdZYJERkrTmkReTZqbI6VQSTX:/s9c5hlERJAdZYyerqmeWQI

Malware Config

Extracted

Family

njrat

Version

im523

Botnet

HacKed

C2

service.net-freaks.com:21649

Mutex

57709d3e7e090c0adae95ca5ed2afedd

Attributes
  • reg_key

    57709d3e7e090c0adae95ca5ed2afedd

  • splitter

    |'|'|

Targets

    • njRAT/Bladabindi

      Widely used RAT written in .NET.

    • Modifies Windows Firewall

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application
