Overview

overview

10

Static

static

10

bMY4.exe

windows7-x64

8

bMY4.exe

windows10-2004-x64

10

Sharing

Copy URL Twitter E-mail

General

  • Target

    bMY4.exe

  • Size

    23KB

  • Sample

    230528-ywh2bagd66

  • MD5

    6871449a52e2076a89a6c9279fb35475

  • SHA1

    de600d1a6a97cd29bd977cd0db2bddfc2a403e63

  • SHA256

    3cb22c29fad4b8369e7c77f5b7d7bf81941cbe57bc5df6fcadff39810234ee31

  • SHA512

    f54d35b0c8d2978e074e9cd8bea8a63c866af5db49badf17f4b64ec60ddb044b5c571e1731de9673875510d859dce3443eec8cb7d10216073952c2a7852b9fea

  • SSDEEP

    384:ocqbCK0l4h7o9SVyDGvENuh46/gJkOmMSW38mRvR6JZlbw8hqIusZzZVVJP:X30py6vhxaRpcnu2

Score
10/10
njrathackedevasiontrojan

Malware Config

Extracted

Family

njrat

Version

0.7d

Botnet

HacKed

C2

0.tcp.sa.ngrok.io:15992

Mutex

785d4a30cbfbe3020699445b9503ac09

Attributes
  • reg_key

    785d4a30cbfbe3020699445b9503ac09

  • splitter

    |'|'|

Targets

    • Target

      bMY4.exe

    • Size

      23KB

    • MD5

      6871449a52e2076a89a6c9279fb35475

    • SHA1

      de600d1a6a97cd29bd977cd0db2bddfc2a403e63

    • SHA256

      3cb22c29fad4b8369e7c77f5b7d7bf81941cbe57bc5df6fcadff39810234ee31

    • SHA512

      f54d35b0c8d2978e074e9cd8bea8a63c866af5db49badf17f4b64ec60ddb044b5c571e1731de9673875510d859dce3443eec8cb7d10216073952c2a7852b9fea

    • SSDEEP

      384:ocqbCK0l4h7o9SVyDGvENuh46/gJkOmMSW38mRvR6JZlbw8hqIusZzZVVJP:X30py6vhxaRpcnu2

    Score
    10/10
    evasionnjrattrojan

    • njRAT/Bladabindi

      Widely used RAT written in .NET.

      trojannjrat

    • Modifies Windows Firewall

      evasion

    • Legitimate hosting services abused for malware hosting/C2

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks