njrat | 0fbeb20947f75b3e1bc730b8ddaaca5c55fd162d557dae2fe33babd7cbef716a | Triage

Submit
Reports

Overview

overview

Static

static

3

BLTools BY XIII.exe

windows7-x64

BLTools BY XIII.exe

windows10-2004-x64

7

Sharing

General

Target

BLTools BY XIII.exe
Size

5.9MB
Sample

230610-3lp44aga72
MD5

016832e3ce6c4cf62015ac78998b7ead
SHA1

7090ba721ad1f71d50d7446d0b41b00e6256026f
SHA256

0fbeb20947f75b3e1bc730b8ddaaca5c55fd162d557dae2fe33babd7cbef716a
SHA512

5c151d367eb9dde8f89240dd46f44c5024ad199a7c4928ac1f9ab1e5d1d91d54c10608171b6912cf4112e0a593880b2ebd7c12a0cc480f7b15bfb060e74feb1b
SSDEEP

98304:5DJfFfupztdd20BbRFmN7nvIYAzYGVEooAZJTIya+vJ9OTOWjY9olN:/Ffupzd209RFOcYAsvAZ5If+vJ9OqXqN

Score

10^/10

njrat @xiiiolympus persistence trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

BLTools BY XIII.exe

Resource

win7-20230220-en

njrat @xiiiolympus persistence trojan

windows7-x64

12 signatures

150 seconds

Behavioral task

behavioral2

Sample

BLTools BY XIII.exe

Resource

win10v2004-20230220-en

windows10-2004-x64

14 signatures

150 seconds

Malware Config

Extracted

Family

njrat

Version

v2.0

Botnet

@XIIIOLYMPUS

C2

xiiiolympus.zapto.org:2000

Mutex

WindowsExplorer

Attributes

reg_key
WindowsExplorer
splitter
|-F-|

Targets

- Target
  
  BLTools BY XIII.exe
- Size
  
  5.9MB
- MD5
  
  016832e3ce6c4cf62015ac78998b7ead
- SHA1
  
  7090ba721ad1f71d50d7446d0b41b00e6256026f
- SHA256
  
  0fbeb20947f75b3e1bc730b8ddaaca5c55fd162d557dae2fe33babd7cbef716a
- SHA512
  
  5c151d367eb9dde8f89240dd46f44c5024ad199a7c4928ac1f9ab1e5d1d91d54c10608171b6912cf4112e0a593880b2ebd7c12a0cc480f7b15bfb060e74feb1b
- SSDEEP
  
  98304:5DJfFfupztdd20BbRFmN7nvIYAzYGVEooAZJTIya+vJ9OTOWjY9olN:/Ffupzd209RFOcYAsvAZ5If+vJ9OqXqN
Score

10^/10

njrat @xiiiolympus persistence trojan
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Hidden Files and Directories

Privilege Escalation

Defense Evasion

Modify Registry

Hidden Files and Directories

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

njrat@xiiiolympuspersistencetrojan

behavioral2

© 2018-2024

Terms | Privacy