Overview

overview

10

Static

static

10

Client.exe

windows7-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    Client.exe

  • Size

    31KB

  • Sample

    240212-p5fswadg91

  • MD5

    4f774abb085d4f708e5fdc712972b683

  • SHA1

    02ff90c60951a8d518a14f1296ef8edb9130a7d9

  • SHA256

    734dce9451929913ad71dad9efda5a93117f82c015f15a8c3659f987e5af24a2

  • SHA512

    85b3cb2f74561e08ccc6abf08c6a7e5330a9449f419af126136ec5f83f3688762fbbba7640e99687a70b155f118bacb6a7b53b8c00f731a7b853c6004bb57595

  • SSDEEP

    768:jhaZirnp7VJMzxn6zYJSRm3VPlvqQQmIDUu0tiHFj:c0pKS8JHQVkoj

Score
10/10
njratmediagetevasionpersistencetrojan

Malware Config

Extracted

Family

njrat

Version

0.7d

Botnet

mediaget

C2

5.39.43.50:1609

Mutex

db294556feafb205ed6cd0f561df2f99

Attributes
  • reg_key

    db294556feafb205ed6cd0f561df2f99

  • splitter

    Y262SUCZ4UJJ

Targets

    • Target

      Client.exe

    • Size

      31KB

    • MD5

      4f774abb085d4f708e5fdc712972b683

    • SHA1

      02ff90c60951a8d518a14f1296ef8edb9130a7d9

    • SHA256

      734dce9451929913ad71dad9efda5a93117f82c015f15a8c3659f987e5af24a2

    • SHA512

      85b3cb2f74561e08ccc6abf08c6a7e5330a9449f419af126136ec5f83f3688762fbbba7640e99687a70b155f118bacb6a7b53b8c00f731a7b853c6004bb57595

    • SSDEEP

      768:jhaZirnp7VJMzxn6zYJSRm3VPlvqQQmIDUu0tiHFj:c0pKS8JHQVkoj

    Score
    10/10
    njratevasionpersistencetrojan

    • njRAT/Bladabindi

      Widely used RAT written in .NET.

      trojannjrat

    • Modifies Windows Firewall

      evasion

    • Deletes itself

    • Drops startup file

    • Adds Run key to start application

      persistence
    behavioral1

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Create or Modify System Process

1
T1543

Windows Service

1
T1543.003

Boot or Logon Autostart Execution

1
T1547

Registry Run Keys / Startup Folder

1
T1547.001

Privilege Escalation

Create or Modify System Process

1
T1543

Windows Service

1
T1543.003

Boot or Logon Autostart Execution

1
T1547

Registry Run Keys / Startup Folder

1
T1547.001

Defense Evasion

Impair Defenses

1
T1562

Disable or Modify System Firewall

1
T1562.004

Modify Registry

1
T1112

Credential Access

Discovery

Query Registry

1
T1012

System Information Discovery

1
T1082

Remote System Discovery

1
T1018

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks