Overview

overview

10

Static

static

10

e22450346a...b6.exe

windows7-x64

10

e22450346a...b6.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    86b82eb9809c5d95c1eec8b83d770973.bin

  • Size

    1.6MB

  • Sample

    230703-btvwrsec58

  • MD5

    724321b8695384c46d9c9c2e85232a03

  • SHA1

    ac25d49374ab57696dbc9e3e0cb0f50a381e076b

  • SHA256

    273576aac621ed0875825f07204835ab1a0f35979d4a27281810624f4435db51

  • SHA512

    af593ce1617f7ab2f5deecc38192c2d758b9cbf64347a979e95af374dbca0f4b5a137b97e4667f327f9a19da71a7e12be0154c51f9a939bc69ad4b60a1a6f9c2

  • SSDEEP

    24576:UZP7ob5sY4gV5PkdpAWagmEOR2rZxJyszY2BX/ZH6tYuadC+adw:db5eO5PCDnI4ZGsM2F/16GDH

Score
10/10
njratyoutubeevasionpersistencetrojan

Malware Config

Extracted

Family

njrat

Version

im523

Botnet

Youtube

C2

house-induced.at.ply.gg:42235

Mutex

aa334bb4a5ba8e94fe328c2fa3c29511

Attributes
  • reg_key

    aa334bb4a5ba8e94fe328c2fa3c29511

  • splitter

    |'|'|

Targets

    • Target

      e22450346ab41e5235c7913740afbd70243c9d16805caca160bd6fc8e56cafb6.exe

    • Size

      2.5MB

    • MD5

      86b82eb9809c5d95c1eec8b83d770973

    • SHA1

      7a95bfb4ea9b3680c0b7eaf661e2991834c95f9a

    • SHA256

      e22450346ab41e5235c7913740afbd70243c9d16805caca160bd6fc8e56cafb6

    • SHA512

      49c770f7cc537852c50539a605db0ce33c5f12854d5ca821bc5302391d7200b77b5c88261e481ee9bab9cdca01014c86aeeea4b14cce8365be368520acd9a4df

    • SSDEEP

      49152:XZX8rrazq8RyOdT4xC61GyNv5rn0KtX2X8SPSecH:XZHzq+8xn1dhptXNSqXH

    Score
    10/10
    njratyoutubeevasionpersistencetrojan

    • njRAT/Bladabindi

      Widely used RAT written in .NET.

      trojannjrat

    • Modifies Windows Firewall

      evasion

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Drops startup file

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

      persistence
    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Modify Existing Service

1
T1031

Registry Run Keys / Startup Folder

1
T1060

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Query Registry

1
T1012

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks