Overview

overview

10

Static

static

3

87a340c6dc...b4.exe

windows7-x64

10

87a340c6dc...b4.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    87a340c6dc9b2e994fddc7edb764ab197ce3eb576c4456a89b9faddd5f28b0b4.exe

  • Size

    49KB

  • Sample

    230908-1a43rsfe7s

  • MD5

    c3ec94cb1c15fbfd213aa5d5854b8e3f

  • SHA1

    65726604b29227377aadef41da87a7306c852f0c

  • SHA256

    87a340c6dc9b2e994fddc7edb764ab197ce3eb576c4456a89b9faddd5f28b0b4

  • SHA512

    e9cc11eb5e5e7426f9b8109e73194fccf989bfba3c04b73b78094946e79c5c31f3bb85d75193bc370b192836932a6bd8fdda1f3b5ff7b027a911b9bd7612aebf

  • SSDEEP

    1536:a7dS1EAd8II28ca2zhmamGJCKDRMcyEQXGNEPRbw1Rl:igEA6II2Da2zPf/XyEQSiRby

Score
10/10
njratcheatspersistencetrojan

Malware Config

Extracted

Family

njrat

Version

Platinum

Botnet

Cheats

C2

127.0.0.1:1

Mutex

smss.exe

Attributes
  • reg_key

    smss.exe

  • splitter

    |Ghost|

Targets

    • Target

      87a340c6dc9b2e994fddc7edb764ab197ce3eb576c4456a89b9faddd5f28b0b4.exe

    • Size

      49KB

    • MD5

      c3ec94cb1c15fbfd213aa5d5854b8e3f

    • SHA1

      65726604b29227377aadef41da87a7306c852f0c

    • SHA256

      87a340c6dc9b2e994fddc7edb764ab197ce3eb576c4456a89b9faddd5f28b0b4

    • SHA512

      e9cc11eb5e5e7426f9b8109e73194fccf989bfba3c04b73b78094946e79c5c31f3bb85d75193bc370b192836932a6bd8fdda1f3b5ff7b027a911b9bd7612aebf

    • SSDEEP

      1536:a7dS1EAd8II28ca2zhmamGJCKDRMcyEQXGNEPRbw1Rl:igEA6II2Da2zPf/XyEQSiRby

    Score
    10/10
    njratcheatspersistencetrojan

    • njRAT/Bladabindi

      Widely used RAT written in .NET.

      trojannjrat

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Deletes itself

    • Drops startup file

    • Executes dropped EXE

    • Adds Run key to start application

      persistence
    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Scheduled Task/Job

1
T1053

Persistence

Boot or Logon Autostart Execution

1
T1547

Registry Run Keys / Startup Folder

1
T1547.001

Scheduled Task/Job

1
T1053

Privilege Escalation

Boot or Logon Autostart Execution

1
T1547

Registry Run Keys / Startup Folder

1
T1547.001

Scheduled Task/Job

1
T1053

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Query Registry

2
T1012

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks