Overview

overview

10

Static

static

10

01d7dcfc0d...2b.exe

windows7-x64

10

01d7dcfc0d...2b.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    01d7dcfc0d43e1a63160c2a2b.exe

  • Size

    30KB

  • Sample

    230710-plyvcaab84

  • MD5

    01d7dcfc0d43e1a63160c2a2be09ac3b

  • SHA1

    b153f050ed9297fe236e5112ce3b4a334b18b135

  • SHA256

    ac458cf6d935c1fe276458fa4ed577c356a81662fc0978ed9708abd863b519c7

  • SHA512

    cc49ba199dd2c9dce7746f46f5f9bae0bf0793b955b851d5d38afcc40708e94a18000776254207f1b6c5d1d98b1154dfd345becf037417b7351dec25b9d5dd59

  • SSDEEP

    768:rSHMXrwpJbb2zxxO5Seqf3isfvUuQmIDUu0tirXj:rlkK9is7QVkaj

Score
10/10
njratbotevasionpersistencetrojan

Malware Config

Extracted

Family

njrat

Version

0.7d

Botnet

Bot

C2

77.241.20.215:55915

Mutex

89a73e3948b3f7c938f6b700b2914080

Attributes
  • reg_key

    89a73e3948b3f7c938f6b700b2914080

  • splitter

    Y262SUCZ4UJJ

Targets

    • Target

      01d7dcfc0d43e1a63160c2a2b.exe

    • Size

      30KB

    • MD5

      01d7dcfc0d43e1a63160c2a2be09ac3b

    • SHA1

      b153f050ed9297fe236e5112ce3b4a334b18b135

    • SHA256

      ac458cf6d935c1fe276458fa4ed577c356a81662fc0978ed9708abd863b519c7

    • SHA512

      cc49ba199dd2c9dce7746f46f5f9bae0bf0793b955b851d5d38afcc40708e94a18000776254207f1b6c5d1d98b1154dfd345becf037417b7351dec25b9d5dd59

    • SSDEEP

      768:rSHMXrwpJbb2zxxO5Seqf3isfvUuQmIDUu0tirXj:rlkK9is7QVkaj

    Score
    10/10
    njratbotevasionpersistencetrojan

    • njRAT/Bladabindi

      Widely used RAT written in .NET.

      trojannjrat

    • Modifies Windows Firewall

      evasion

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Drops startup file

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

      persistence
    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Modify Existing Service

1
T1031

Registry Run Keys / Startup Folder

1
T1060

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Query Registry

1
T1012

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks