General

  • Target

    E232037B3F689350ECCE987401E71E9F113E64DBF255B.exe

  • Size

    435KB

  • Sample

    231211-vh6zfacfgm

  • MD5

    56282764cce59dfb9324a23291fbb1bf

  • SHA1

    208f177e5ba96cc415698bc1fba542ba3f02ef1f

  • SHA256

    e232037b3f689350ecce987401e71e9f113e64dbf255b1e114ccd1face3e53e4

  • SHA512

    b2dbec6468053626c9f3ffa6eb5e51ae357c335c339a47103598e1f9af2839587468819c480f6cf41bf859f1572e6d35e28a4014eee694c3294fc6053a478be9

  • SSDEEP

    12288:ZBWCQhrYZrPUzRXU12QezjqkGTJACEq9e0rDKdF:m/9wsi46RThEUTfKdF

Malware Config

Extracted

  • Family

    njrat

  • Version

    0.7d

  • Botnet

    Hsoooooone :$

  • C2

    madara.selfip.net:49111

  • Mutex

    4a9da9e19ee0c47a54e363b703439e5b

  • Attributes

      • reg_key

        4a9da9e19ee0c47a54e363b703439e5b

      • splitter

        |'|'|

Targets

    • Target

      E232037B3F689350ECCE987401E71E9F113E64DBF255B.exe

    • njRAT/Bladabindi

      Widely used RAT written in .NET.

    • Modifies Windows Firewall

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Drops startup file

    • Executes dropped EXE
