Overview

overview

10

Static

static

10

1fa56caa73...JC.exe

windows7-x64

10

1fa56caa73...JC.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    1fa56caa73edcc2ea34d86780a3d07a72126593e12648b302d20403814b7ce4c_JC.exe

  • Size

    53KB

  • Sample

    230815-spga9adc6s

  • MD5

    384b9216322f5fd70b961970ac86750b

  • SHA1

    7aa1a0d4f9e169def8c0963311ce0a03acd9f5b9

  • SHA256

    1fa56caa73edcc2ea34d86780a3d07a72126593e12648b302d20403814b7ce4c

  • SHA512

    199baee0d8a79352167a0e7ebc5f58e3f4376152c77180b65fcf2e579211d591f54f1a25110eef14ac798437d1e8b956873fb88e3e36813511553179c129518b

  • SSDEEP

    768:KKXTZ38f7CTv8Fw4rM+rMRa8Nu9qtZZww:KiTZsTCTv8uD+gRJN+M

Score
10/10
njrathackedevasionpersistencetrojan

Malware Config

Extracted

Family

njrat

Version

im523

Botnet

HacKed

C2

2.tcp.eu.ngrok.io:14265

Mutex

5951ee6e04d8b94616cf133a61795697

Attributes
  • reg_key

    5951ee6e04d8b94616cf133a61795697

  • splitter

    |'|'|

Targets

    • Target

      1fa56caa73edcc2ea34d86780a3d07a72126593e12648b302d20403814b7ce4c_JC.exe

    • Size

      53KB

    • MD5

      384b9216322f5fd70b961970ac86750b

    • SHA1

      7aa1a0d4f9e169def8c0963311ce0a03acd9f5b9

    • SHA256

      1fa56caa73edcc2ea34d86780a3d07a72126593e12648b302d20403814b7ce4c

    • SHA512

      199baee0d8a79352167a0e7ebc5f58e3f4376152c77180b65fcf2e579211d591f54f1a25110eef14ac798437d1e8b956873fb88e3e36813511553179c129518b

    • SSDEEP

      768:KKXTZ38f7CTv8Fw4rM+rMRa8Nu9qtZZww:KiTZsTCTv8uD+gRJN+M

    Score
    10/10
    njrathackedevasionpersistencetrojan

    • njRAT/Bladabindi

      Widely used RAT written in .NET.

      trojannjrat

    • Modifies Windows Firewall

      evasion

    • Drops startup file

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

      persistence

    • Legitimate hosting services abused for malware hosting/C2

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks