General

  • Target

    fd70a8c89f038a6b1603fcd8f660540c

  • Size

    72KB

  • Sample

    231228-2lz4mafehr

  • MD5

    fd70a8c89f038a6b1603fcd8f660540c

  • SHA1

    46a6e8f6337b1b27eec442d3cef914f559d324d4

  • SHA256

    e227ee568e833b3699839075d7b9331ce826c750b132c0c64ec08a7d125feeeb

  • SHA512

    a119cc56e0200c9e9e0145ea25e8451d9ce3c7ef57c6e9835edd5d7f8a08753892716a424e1340af2ea9eed40cc1b8151168aa1781aab1a35e21fc20da9afdb8

  • SSDEEP

    768:v63+SmnE55kQYd5c6sNWPYkd6LyVeZ1KreGwMFiJXVpA7UC2JepkDs2Tfei+QO:m+Sm5NsNWVMyViKrenfVYUfApkDs2CRP

Malware Config

Extracted

  • Family

    njrat

  • Version

    v2.0

  • Botnet

    HacKed

  • C2

    127.0.0.1:6662

  • Mutex

    Windows

Attributes
  • reg_key

    Windows

  • splitter

    |-F-|

Targets

    • njRAT/Bladabindi

      Widely used RAT written in .NET.

    • Drops startup file

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application
