Overview

overview

10

Static

static

10

2ad44d3a4d...51.exe

windows7-x64

10

2ad44d3a4d...51.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    2ad44d3a4d6024a04140a501e5df7351.exe

  • Size

    37KB

  • Sample

    231206-ygys8ahb9s

  • MD5

    2ad44d3a4d6024a04140a501e5df7351

  • SHA1

    94a1e237ee077b22704225016d9b7c54dc482516

  • SHA256

    de544fa6de7f86b58ff6e82a682ff8bbcc8dcdaeee61421e720f09a3471f1a72

  • SHA512

    777b458b8ec76e13c51ad59384309eda09c2fbb82c846bd36a51ff4cbfcf8cc08a995f2e97891d21ae570c7fb10402edb18ff40d2b40396e24a25e15e603c3b0

  • SSDEEP

    384:zDu/T8PgibBjpPu7w9qyMTO1P5IsW+LJbrAF+rMRTyN/0L+EcoinblneHQM3epzH:iQNN9ZMTO1GV+prM+rMRa8NubPt

Score
10/10
njrathackedevasiontrojan

Malware Config

Extracted

Family

njrat

Version

im523

Botnet

HacKed

C2

6.tcp.eu.ngrok.io:11952

Mutex

af413bb56f73479a5bd1a3e13a279069

Attributes
  • reg_key

    af413bb56f73479a5bd1a3e13a279069

  • splitter

    |'|'|

Targets

    • Target

      2ad44d3a4d6024a04140a501e5df7351.exe

    • Size

      37KB

    • MD5

      2ad44d3a4d6024a04140a501e5df7351

    • SHA1

      94a1e237ee077b22704225016d9b7c54dc482516

    • SHA256

      de544fa6de7f86b58ff6e82a682ff8bbcc8dcdaeee61421e720f09a3471f1a72

    • SHA512

      777b458b8ec76e13c51ad59384309eda09c2fbb82c846bd36a51ff4cbfcf8cc08a995f2e97891d21ae570c7fb10402edb18ff40d2b40396e24a25e15e603c3b0

    • SSDEEP

      384:zDu/T8PgibBjpPu7w9qyMTO1P5IsW+LJbrAF+rMRTyN/0L+EcoinblneHQM3epzH:iQNN9ZMTO1GV+prM+rMRa8NubPt

    Score
    10/10
    njrathackedevasiontrojan

    • njRAT/Bladabindi

      Widely used RAT written in .NET.

      trojannjrat

    • Modifies Windows Firewall

      evasion

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Legitimate hosting services abused for malware hosting/C2

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Create or Modify System Process

1
T1543

Windows Service

1
T1543.003

Privilege Escalation

Create or Modify System Process

1
T1543

Windows Service

1
T1543.003

Defense Evasion

Credential Access

Discovery

Query Registry

1
T1012

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Web Service

1
T1102

Impact

Resource Development

Reconnaissance

Tasks