General

  • Target

    30370507a2816a3b25424a98b0a257c3

  • Size

    180KB

  • Sample

    231231-k3gj6shga3

  • MD5

    30370507a2816a3b25424a98b0a257c3

  • SHA1

    fb835ea3b66243bc388e6cd7f1d165ca086b5fa5

  • SHA256

    3240bb4e565eac6e610055410caf961539c916bc33679f00abe0d3cc55e76809

  • SHA512

    87001beabd5c678b90d96898258ed09c10fef2506b9bf83d2e20fd2cf26aeb8a9de8fd2666b75059d4c8c6e2953f527d54d13426328a392d4a766d2c98386c81

  • SSDEEP

    1536:HYVEJZ96Fs69zS7Reyhi9W9ItegcjNUH9Xz5tiU+n8iiBa7aU3n2kd7GM/i26WhD:Hd2YSLmQirb+rL

Malware Config

Extracted

Family

njrat

Version

v2.0

Botnet

HacKed

C2

error404.linkpc.net:1177

Mutex

Svchost

Attributes

  • reg_key

    Svchost

  • splitter

    |-F-|

Targets

    • njRAT/Bladabindi

      Widely used RAT written in .NET.

    • r77

      r77 is an open-source, userland rootkit.

    • r77 rootkit payload

      Detects the payload of the r77 rootkit.

    • Modifies Windows Firewall

    • Drops startup file

    • Executes dropped EXE

    • Legitimate hosting services abused for malware hosting/C2

MITRE ATT&CK Enterprise v15

Tasks