General

  • Target

    PDF FILE.exe

  • Size

    1.0MB

  • Sample

    231014-ea2rraee7z

  • MD5

    dff4dc6bba5c7ee0b6f5dc5952719bd7

  • SHA1

    4d6085c6b2c8d2f33f837d68bc8bee0eed1e48b7

  • SHA256

    b7be6b5b19d828af4d471403cf42208720f3241dc406875530bc6d7a8652923c

  • SHA512

    b794fb619be0a6bce8b25ad440a78f51992bb4f968a4b41a2cfb50f9a53924448eae08b1275a306ebc29b4c13995e72057aea552e590f647e82d6d65983f2a90

  • SSDEEP

    12288:Nq8RG2iNkLNo2+jgC/9scsQVAfLS43gWXd/bbnkLC8jL60QmwXMr6j8vF:NqqG1C7+ZOTQmzdbTke8NQmwc6g

Malware Config

Extracted

Family

njrat

Version

v2.0

Botnet

HacKed

C2

185.94.29.109:1111

Mutex

Windows

Attributes

  • reg_key

    Windows

  • splitter

    |-F-|

Targets

    • njRAT/Bladabindi

      Widely used RAT written in .NET.

    • Drops startup file

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Legitimate hosting services abused for malware hosting/C2

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15