General

  • Target: a72ddd0f47a665c08aba89432b4ae9ea.bin
  • Size: 30KB
  • Sample: 231029-cbebqsfh72
  • MD5: b97b62946ce9270eb4a3495dc976654f
  • SHA1: 69339dc310869cb5de8cd483abf516182d617b5d
  • SHA256: 2164b8d82cdde6626c909eade0d248101af7b0e03511aceafe8eece6f0ea1181
  • SHA512: 74ddc5e2bdfd55ee3c99bf3eb0b24d66a3b58f4fc5086b94d46f8e7d2f54b1baa2295497689bd4658ffac67ce0ef2b017ffb6c93f316ecbc972d669b2d20acf1
  • SSDEEP: 768:kY7ol26Adptsbd5d/vZtc0fX5AKH6xmZsxJRcOS5/:kYcywbd5d/HcGHH4RcOg/

Malware Config

Extracted

Family: njrat
Version: Platinum
Botnet: HacKed
C2: 127.0.0.1:3442
Mutex: System.exe

Attributes
  • reg_key: System.exe
  • splitter: |Ghost|

Targets

    • Target: df000e309b7f6e6645a8f6e5b63604d5b81e4ec4a63002f00e4b20eb79ccd79b.exe
    • Size: 64KB
    • MD5: a72ddd0f47a665c08aba89432b4ae9ea
    • SHA1: 863f68f1f5299fb040cdcf112cf69ccfd8826b4d
    • SHA256: df000e309b7f6e6645a8f6e5b63604d5b81e4ec4a63002f00e4b20eb79ccd79b
    • SHA512: 1bf21dfbd9abcdadcdf8cc79fd3f2f49c551f7bc919e315609813deb83b8b5533ccc067ae2f23979a7417597f8c3f41910e300c15520f35e9cb3cf260d2665c5
    • SSDEEP: 1536:S71Mwk7oN36taQviFw1gGWiz96BnvbTfLteF3nLrB9z3nOaF9bnS9vM:S71Mwk7oN36taQviFC5WizMBnffWl9zD

    • njRAT/Bladabindi
      Widely used RAT written in .NET.
    • Checks computer location settings
      Looks up country code configured in the registry, likely geofence.
    • Deletes itself
    • Drops startup file
    • Executes dropped EXE
    • Loads dropped DLL
    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks