Overview

overview

10

Static

static

3

1e32f47856...b0.exe

windows7-x64

10

1e32f47856...b0.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    1e32f478568d5aeba53b76bb54a18bb0.exe

  • Size

    124KB

  • Sample

    230921-ebmdfscg81

  • MD5

    1e32f478568d5aeba53b76bb54a18bb0

  • SHA1

    3a56b495df1ea37586d79c6465456145b89c403a

  • SHA256

    9f773249a099a9122a9cbad4cdbd6d4a413d8047a444b8a65de33c458b996087

  • SHA512

    c50e6e216c14f63ae7afdac841d116d251b021fbfc7d9677b43adea625369828c6f7802d87def27972a3c0eb5e8b715781302d3dd4dd9c2efbf1665d64c63301

  • SSDEEP

    3072:eV3eDzgZqwy8m/8XBhvNS1ChkA+38MBXNt2/NOVvIY344xcuy9K18:eVqzdwyCHllhj+3vBS/W44xcuyc1

Score
10/10
njrathackedevasiontrojan

Malware Config

Extracted

Family

njrat

Version

im523

Botnet

HacKed

C2

0.tcp.in.ngrok.io:19400

Mutex

900e32528e286bf3fa16f687e637183a

Attributes
  • reg_key

    900e32528e286bf3fa16f687e637183a

  • splitter

    |'|'|

Targets

    • Target

      1e32f478568d5aeba53b76bb54a18bb0.exe

    • Size

      124KB

    • MD5

      1e32f478568d5aeba53b76bb54a18bb0

    • SHA1

      3a56b495df1ea37586d79c6465456145b89c403a

    • SHA256

      9f773249a099a9122a9cbad4cdbd6d4a413d8047a444b8a65de33c458b996087

    • SHA512

      c50e6e216c14f63ae7afdac841d116d251b021fbfc7d9677b43adea625369828c6f7802d87def27972a3c0eb5e8b715781302d3dd4dd9c2efbf1665d64c63301

    • SSDEEP

      3072:eV3eDzgZqwy8m/8XBhvNS1ChkA+38MBXNt2/NOVvIY344xcuy9K18:eVqzdwyCHllhj+3vBS/W44xcuyc1

    Score
    10/10
    njrathackedevasiontrojan

    • njRAT/Bladabindi

      Widely used RAT written in .NET.

      trojannjrat

    • Modifies Windows Firewall

      evasion

    • Legitimate hosting services abused for malware hosting/C2

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks