General

  • Target

    foreignfilename.exe

  • Size

    606KB

  • Sample

    240112-h3lg1sbefj

  • MD5

    83b47bec30d0d32d2737040ab53846ce

  • SHA1

    e2427c0da51f36228a6fc1c7cb95eebd53394377

  • SHA256

    9fedab2bb4115b0afcd184c958283df5b436cbf800fb9de2678719bf9071d9f5

  • SHA512

    7b7649a187de1683ee3a5c2accc09dcf06e70bb6d3dae0d8df4c0b4fea2a7f7f850df8e8b44b29f7bde5569a258227a07c884e437bfac4bba4341a0a2014f912

  • SSDEEP

    6144:GTTbDL4ctZsa46niaIzs3vxxD0pqatvX7dZw6zL/KEBz860F9Gw:MjL406mnaIcqat//HL/r4Fp

Malware Config

Extracted

Family

njrat

Version

0.7d

Botnet

HacKed

C2

127.0.0.1:2222

Mutex

6ff24f19677199efff6034746cc3f536

Attributes
  • reg_key

    6ff24f19677199efff6034746cc3f536

  • splitter

    |'|'|

Targets

    • Target

      foreignfilename.exe

    • njRAT/Bladabindi

      Widely used RAT written in .NET.

    • Modifies Windows Firewall

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL
