General

  • Target

    4f333b5a74e464d8fd46fe49bedc760e.bin

  • Size

    87KB

  • Sample

    230607-b8yk7sgd66

  • MD5

    9595b74b7f5435e1e1dee849d14ab860

  • SHA1

    86a76ae75a0835197ad2efb44504a93058d0e3c4

  • SHA256

    bec45de531ea05bf558a58b477fa85b91f347cb203eb753579c3cebcedccbf31

  • SHA512

    f4d7c96bc49e86362bdb589b57b46613ac1b4c57897bab9422d6d6676ef9f3c56100e2660a853d5a28defabd623aa629c3bb5493d46620c5d4d59748dbe4d646

  • SSDEEP

    1536:QNAkwr0r7USoKPBlNLWc7DEamt2nhrOo8lJx5DBh5LIBb3tPQcYIaj5kYXlLvdBJ:QNAJr0nUJe1THETtGh2VlBjYb3tPLa19

Malware Config

Extracted

  • Family

    njrat

  • Version

    Platinum

  • Botnet

    HacKed

  • C2

    127.0.0.1:5505

  • Mutex

    Runtime Broker.exe

Attributes

  • reg_key

    Runtime Broker.exe

  • splitter

    |Ghost|

Targets

    • Target

      868448f6c06d672fd544f64ae73ca4b1fe8403af947b870edd99ff842c02c59d.exe

    • Size

      180KB

    • MD5

      4f333b5a74e464d8fd46fe49bedc760e

    • SHA1

      110588bfa2559e700564af03db5cf851be5ac3d3

    • SHA256

      868448f6c06d672fd544f64ae73ca4b1fe8403af947b870edd99ff842c02c59d

    • SHA512

      5ea9dbfae7dcf16f38aa0b064dd51cb7f6d398d5bb38b0877e9c7bf6b676151c01828c030d9d2f03707366651a66a3df39985aea43528baea55e79e83f784baf

    • SSDEEP

      3072:AK3fycY2pTpIb42etB/RpH5pXZOaXqmmgDXnkUrsK0GEx4FvPA+LjpgKab8iPt9G:9r9GE7PH3XZ84kUuVxG7Hpg3f9dO+

    • njRAT/Bladabindi

      Widely used RAT written in .NET.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely used as a geofence.

    • Drops startup file

    • Executes dropped EXE

    • Adds Run key to start application

    • Legitimate hosting services abused for malware hosting/C2

    • Drops file in System32 directory

MITRE ATT&CK Matrix (ATT&CK v6)

Persistence

  • T1060 Registry Run Keys / Startup Folder (1)

  • T1158 Hidden Files and Directories (1)

Defense Evasion

  • T1112 Modify Registry (1)

  • T1158 Hidden Files and Directories (1)

Discovery

  • T1012 Query Registry (1)

  • T1082 System Information Discovery (2)

Command and Control

  • T1102 Web Service (1)

Tasks