General

  • Target

    07c12ed55666029d093c86904ef86eed

  • Size

    391KB

  • Sample

    231225-f3nw2aeedl

  • MD5

    07c12ed55666029d093c86904ef86eed

  • SHA1

    5d2477a42afb48d75f09cb122300a1fe15627ed6

  • SHA256

    64256bd7d58d796d9eae32d7ff26b198bca069b58c0e7388c90aa1f64c7af55d

  • SHA512

    5263d072f42f7d486f654b661d08bcf202beae68ab58afb605fdbfe279dfd4076ec946b1a8a5ae6d206a963e3226a7cf19e03f76dda128a8e3a1dbbf51f55cf8

  • SSDEEP

    6144:5xCOR/xPOIGWWxX4+LW4ctwuxDbV3yiGQDAsJc:5dgIxWxo+Fct9pC/QDAsJc

Malware Config

Extracted

Family

njrat

Version

v2.0

Botnet

HacKed

C2

soso06200.ddns.net:1212

Mutex

Windows

Attributes
  • reg_key

    Windows

  • splitter

    |-F-|

Targets

    • njRAT/Bladabindi

      Widely used RAT written in .NET.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Drops startup file

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Suspicious use of SetThreadContext
