Overview

overview

10

Static

static

3

NEAS.786ad...50.exe

windows7-x64

10

NEAS.786ad...50.exe

windows10-2004-x64

1

Sharing

Copy URL Twitter E-mail

General

  • Target

    NEAS.786ad20f6b656401508f569c45727e50.exe

  • Size

    103KB

  • Sample

    231117-f7126aff64

  • MD5

    786ad20f6b656401508f569c45727e50

  • SHA1

    55da4a2d31df5356ec38e97ac408a5d7afb295f5

  • SHA256

    3f2f08769dcdc623ca2bac7e7c92ec8fef8df9b98932bc72b3bb1ec4fbf9c10b

  • SHA512

    1a472c68ba2064d78e6274912a0b9c4d64f4f9f482f0dd89fb37773a6d666c9b5e981f2a25fdfe2a320ea55e477282d310b520b4b4c8016891b7f98d76851065

  • SSDEEP

    1536:orp5eznKUlIOp3YjVCguHEvQEbFqVC3woFRKpT4xtKex:w5eznsjsguGDFqGx8ex

Score
10/10
njratneufevasionpersistencetrojan

Malware Config

Extracted

Family

njrat

Version

0.7d

Botnet

neuf

C2

doddyfire.linkpc.net:10000

Mutex

e1a87040f2026369a233f9ae76301b7b

Attributes
  • reg_key

    e1a87040f2026369a233f9ae76301b7b

  • splitter

    |'|'|

Targets

    • Target

      NEAS.786ad20f6b656401508f569c45727e50.exe

    • Size

      103KB

    • MD5

      786ad20f6b656401508f569c45727e50

    • SHA1

      55da4a2d31df5356ec38e97ac408a5d7afb295f5

    • SHA256

      3f2f08769dcdc623ca2bac7e7c92ec8fef8df9b98932bc72b3bb1ec4fbf9c10b

    • SHA512

      1a472c68ba2064d78e6274912a0b9c4d64f4f9f482f0dd89fb37773a6d666c9b5e981f2a25fdfe2a320ea55e477282d310b520b4b4c8016891b7f98d76851065

    • SSDEEP

      1536:orp5eznKUlIOp3YjVCguHEvQEbFqVC3woFRKpT4xtKex:w5eznsjsguGDFqGx8ex

    Score
    10/10
    njratneufevasionpersistencetrojan

    • njRAT/Bladabindi

      Widely used RAT written in .NET.

      trojannjrat

    • Modifies Windows Firewall

      evasion

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

      persistence

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks