Overview

overview

10

Static

static

7

0bc9fbd4d0...34.exe

windows7-x64

1

0bc9fbd4d0...34.exe

windows10-2004-x64

10

Sharing

Copy URL Twitter E-mail

General

  • Target

    0bc9fbd4d0bbe8504679d8dbe6637f34

  • Size

    402KB

  • Sample

    231225-hacpeaeedm

  • MD5

    0bc9fbd4d0bbe8504679d8dbe6637f34

  • SHA1

    89ce1a8864a0430ee3a3e17ee8e119e2d1f373eb

  • SHA256

    b9d6ed71aeee30b2aa41cd10a0ff79ca73d1f2e41be229d4aae55bac4f78db8b

  • SHA512

    592bf45e992756664f6ae90a8192f1ff9f8ad6c7e34ba88e3038f44848facc432581675b4fd70e024603702817fe9a9a3d43439a800cca275a7e009c780807f1

  • SSDEEP

    6144:MmaKVBGmE84IMNv55giU0pKiFYHxfx15RvOagakZBxkTN2gmeGcFnVQb/DAYbDgU:lSmLAuEY71fviagATFmebVQDcYcg

Score
10/10
njratpdfevasiontrojanupx

Malware Config

Extracted

Family

njrat

Version

0.6.4

Botnet

pdf

C2

hhhmach.ddns.net:1177

Mutex

5cd8f17f4086744065eb0992a09e05a2

Attributes
  • reg_key

    5cd8f17f4086744065eb0992a09e05a2

  • splitter

    |'|'|

Targets

    • Target

      0bc9fbd4d0bbe8504679d8dbe6637f34

    • Size

      402KB

    • MD5

      0bc9fbd4d0bbe8504679d8dbe6637f34

    • SHA1

      89ce1a8864a0430ee3a3e17ee8e119e2d1f373eb

    • SHA256

      b9d6ed71aeee30b2aa41cd10a0ff79ca73d1f2e41be229d4aae55bac4f78db8b

    • SHA512

      592bf45e992756664f6ae90a8192f1ff9f8ad6c7e34ba88e3038f44848facc432581675b4fd70e024603702817fe9a9a3d43439a800cca275a7e009c780807f1

    • SSDEEP

      6144:MmaKVBGmE84IMNv55giU0pKiFYHxfx15RvOagakZBxkTN2gmeGcFnVQb/DAYbDgU:lSmLAuEY71fviagATFmebVQDcYcg

    Score
    10/10
    njratpdfevasiontrojanupx

    • njRAT/Bladabindi

      Widely used RAT written in .NET.

      trojannjrat

    • Modifies Windows Firewall

      evasion

    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx
    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks