General

  • Target

    761900700a2dd93bf347e10fa9c14fb7.exe

  • Size

    30KB

  • Sample

    240407-pck7wscd6z

  • MD5

    761900700a2dd93bf347e10fa9c14fb7

  • SHA1

    db4904470793b785fd6b06c17312be4111da02e9

  • SHA256

    cd21730a2de2f182773c6b9ef50d34ed9f3d55a94b7e20a987e91843f14a057b

  • SHA512

    ce8a9bcee08e28090b84a860895079a3ef2b686fadc89d8cb859bcd36efc65734a03c7b8392f2a451d14ef14cc559e2d00463fe09a2c3f6ff5d0338996e5b4bb

  • SSDEEP

    768:sBSB69DdxkzxP6bg0aG3NQNvC7QmIDUu0tiwBj:RqqG7i8QVkNj

Malware Config

Extracted

  • Family

    njrat

  • Version

    0.7d

  • Botnet

    MyBot

  • C2

    5.39.43.60:3678

  • Mutex

    3297cda814fb30a725f976420f48da21

  • Attributes

      • reg_key

        3297cda814fb30a725f976420f48da21

      • splitter

        Y262SUCZ4UJJ

Targets

    • njRAT/Bladabindi

      Widely used RAT written in .NET.

    • Modifies Windows Firewall

    • Drops startup file

    • Adds Run key to start application

MITRE ATT&CK Matrix (ATT&CK v13)

Persistence

  • Create or Modify System Process (T1543): 1

      • Windows Service (T1543.003): 1

  • Boot or Logon Autostart Execution (T1547): 1

      • Registry Run Keys / Startup Folder (T1547.001): 1

Privilege Escalation

  • Create or Modify System Process (T1543): 1

      • Windows Service (T1543.003): 1

  • Boot or Logon Autostart Execution (T1547): 1

      • Registry Run Keys / Startup Folder (T1547.001): 1

Defense Evasion

  • Impair Defenses (T1562): 1

      • Disable or Modify System Firewall (T1562.004): 1

  • Modify Registry (T1112): 1

Tasks