General

  • Target

    a4f78e77907d8ea06d93912ebc29d191629c47270d87882ed9e8948a3bbb77c2

  • Size

    61KB

  • Sample

    240226-1tf52sha86

  • MD5

    944c114e02b1d7fdc46e0b495cfc01c3

  • SHA1

    0b810447828a36ce22d905c0a5ca8ce6f38700ba

  • SHA256

    a4f78e77907d8ea06d93912ebc29d191629c47270d87882ed9e8948a3bbb77c2

  • SHA512

    c5c30fdd8d2dbda2cfa1a10d56d7a7485cd0d565e49542fa6f9dd9c05ce2606feaef4855656ceab4e8f3bb60dd13f4fc564e6566ec23dcec8d8aca8d6b2d071c

  • SSDEEP

    1536:6weoCsTr2cg+H32CP4Gr+D12uYew4spdA4GSuw1:l2R+RED1IKedv

Malware Config

Extracted

  • Family

    njrat

  • Version

    0.7d

  • Botnet

    @ HaCkInG By Dr WeSt @

  • C2

    w187.ddns.net:2020

  • Mutex

    4ef9538b5a577a1bd3c1a578ea50c133

  • Attributes

      • reg_key

        4ef9538b5a577a1bd3c1a578ea50c133

      • splitter

        |'|'|
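The splitter and C2 endpoint extracted above are what an analyst needs to decode this bot's traffic. The following is an added example and not part of the sandbox report: it frames and parses njRAT-style C2 messages using the configured splitter `|'|'|`. The length-prefixed framing (`<decimal length>\x00<payload>`) and the field order of the `ll` registration beacon follow public analyses of njRAT 0.7d and are assumptions here; the hostname, user name, HWID suffix and the byte stream are constructed for the example.

```python
"""Decode njRAT-style C2 frames using the splitter from the extracted config.

Added example, not code from the report. Framing and beacon layout are
assumptions based on public njRAT 0.7d analyses; traffic is constructed.
"""
from __future__ import annotations

import base64
from dataclasses import dataclass
from typing import Optional

# Values extracted from the sample in the report.
SPLITTER = "|'|'|"
C2_HOST, C2_PORT = "w187.ddns.net", 2020
CAMPAIGN = "@ HaCkInG By Dr WeSt @"


def frame(payload: bytes) -> bytes:
    """Wrap a payload as '<decimal length>\\x00<payload>' (assumed 0.7d framing)."""
    return str(len(payload)).encode() + b"\x00" + payload


def split_frames(buf: bytes) -> tuple[list[bytes], bytes]:
    """Cut a reassembled TCP stream into complete frame payloads.

    Returns the complete payloads plus any trailing partial frame, so a
    caller reading segment by segment can carry it into the next read.
    """
    frames: list[bytes] = []
    while True:
        nul = buf.find(b"\x00")
        if nul == -1:
            return frames, buf  # length prefix not finished yet
        head = buf[:nul]
        if not head.isdigit():
            raise ValueError(f"bad length prefix: {head!r}")
        end = nul + 1 + int(head)
        if len(buf) < end:
            return frames, buf  # payload incomplete; keep for later
        frames.append(buf[nul + 1:end])
        buf = buf[end:]


@dataclass
class Beacon:
    victim_id: str   # campaign name + "_" + HWID, base64 in transit
    hostname: str
    username: str
    os_name: str
    version: str     # should match the extracted config (0.7d)


def parse_beacon(payload: bytes, splitter: str = SPLITTER) -> Optional[Beacon]:
    """Interpret an 'll' registration beacon; other commands return None.

    Assumed 0.7d order: ll, b64(victim id), host, user, date, '', OS,
    webcam flag, version, '..', active window title.
    """
    fields = payload.decode("utf-8", errors="replace").split(splitter)
    if fields[0] != "ll" or len(fields) < 9:
        return None
    try:
        victim = base64.b64decode(fields[1], validate=True).decode("utf-8", "replace")
    except ValueError:
        victim = fields[1]  # not base64; keep raw so nothing is lost
    return Beacon(victim, fields[2], fields[3], fields[6], fields[8])


def analyze_stream(buf: bytes) -> tuple[list[Beacon], int, bytes]:
    """Return decoded beacons, number of complete frames, and leftover bytes."""
    frames, rest = split_frames(buf)
    beacons = [b for b in (parse_beacon(f) for f in frames) if b is not None]
    return beacons, len(frames), rest


# Constructed sample stream: one beacon, one keep-alive, one cut-off frame.
VICTIM_ID = CAMPAIGN + "_5A3B0C1D"  # HWID suffix is made up
BEACON_FIELDS = ["ll", base64.b64encode(VICTIM_ID.encode()).decode(),
                 "DESKTOP-7F2K1", "analyst", "24-02-26", "", "Win 10 Pro  x64",
                 "No", "0.7d", "..", "Untitled - Notepad", ""]
PARTIAL = b"17\x00ll" + SPLITTER.encode()[:3]
SAMPLE_STREAM = frame(SPLITTER.join(BEACON_FIELDS).encode()) + frame(b"P") + PARTIAL


if __name__ == "__main__":
    beacons, count, rest = analyze_stream(SAMPLE_STREAM)
    print(f"{count} complete frame(s), {len(rest)} byte(s) pending")
    for b in beacons:
        print(f"{b.hostname}\\{b.username} [{b.os_name}] -> {C2_HOST}:{C2_PORT}"
              f" victim={b.victim_id!r} version={b.version}")
```

Two things are worth checking when this is run over real captures: the version field of a decoded beacon should agree with the extracted config (0.7d), and the campaign prefix of the victim id should match the Botnet value above, which is how one ties a network session back to this build rather than to another njRAT operator sharing the same DDNS provider.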

Targets

    • Target

      a4f78e77907d8ea06d93912ebc29d191629c47270d87882ed9e8948a3bbb77c2

    • Size

      61KB

    • MD5

      944c114e02b1d7fdc46e0b495cfc01c3

    • SHA1

      0b810447828a36ce22d905c0a5ca8ce6f38700ba

    • SHA256

      a4f78e77907d8ea06d93912ebc29d191629c47270d87882ed9e8948a3bbb77c2

    • SHA512

      c5c30fdd8d2dbda2cfa1a10d56d7a7485cd0d565e49542fa6f9dd9c05ce2606feaef4855656ceab4e8f3bb60dd13f4fc564e6566ec23dcec8d8aca8d6b2d071c

    • SSDEEP

      1536:6weoCsTr2cg+H32CP4Gr+D12uYew4spdA4GSuw1:l2R+RED1IKedv

    • njRAT/Bladabindi

      Widely used RAT written in .NET.

    • Modifies Windows Firewall

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Drops startup file

    • Executes dropped EXE

    • Loads dropped DLL

MITRE ATT&CK Matrix (ATT&CK v13)

  Tactic                Technique                             ID         Signatures
  --------------------  ------------------------------------  ---------  ----------
  Persistence           Create or Modify System Process       T1543      1
                          Windows Service                     T1543.003  1
  Privilege Escalation  Create or Modify System Process       T1543      1
                          Windows Service                     T1543.003  1
  Defense Evasion       Impair Defenses                       T1562      1
                          Disable or Modify System Firewall   T1562.004  1
  Discovery             Query Registry                        T1012      1
                        System Information Discovery          T1082      2