General

  • Target

    240416-nqkmvahd22

  • Size

    37KB

  • Sample

    240416-plfc1aac33

  • MD5

    ba59a8753756dce717b79493ea95a388

  • SHA1

    8308b7c1dc0496894d87cfd7af95470b2759ae26

  • SHA256

    9643dc67a7e22c883606ced1ebcd6564af69fa739fbf4c4c0acaa6e0c0978383

  • SHA512

    22a045e0fbfc84cb9a6bc76cf2cf7b62ad284e12d7972f10a1723e006da6a6c1fa19ed504494784f3520ec97bbac16ce299567c91da5fa321aab48247a6840f4

  • SSDEEP

    384:07j3hUidk8XR21cGMy8PYk5f30Fl6sZcrAF+rMRTyN/0L+EcoinblneHQM3epzXT:cj3LLGv8PYk58qs6rM+rMRa8Nue8t

Malware Config

Extracted

Family

njrat

Version

im523

Botnet

HacKed

C2

report-dust.gl.at.ply.gg:28329

Mutex

68920385a1dddf20a546ac9846448280

Attributes

  • reg_key

    68920385a1dddf20a546ac9846448280

  • splitter

    |'|'|

Targets

    • Target

      240416-nqkmvahd22

    • Size

      37KB

    • MD5

      ba59a8753756dce717b79493ea95a388

    • SHA1

      8308b7c1dc0496894d87cfd7af95470b2759ae26

    • SHA256

      9643dc67a7e22c883606ced1ebcd6564af69fa739fbf4c4c0acaa6e0c0978383

    • SHA512

      22a045e0fbfc84cb9a6bc76cf2cf7b62ad284e12d7972f10a1723e006da6a6c1fa19ed504494784f3520ec97bbac16ce299567c91da5fa321aab48247a6840f4

    • SSDEEP

      384:07j3hUidk8XR21cGMy8PYk5f30Fl6sZcrAF+rMRTyN/0L+EcoinblneHQM3epzXT:cj3LLGv8PYk58qs6rM+rMRa8Nue8t

    • njRAT/Bladabindi

      Widely used RAT written in .NET.

    • Modifies Windows Firewall

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

MITRE ATT&CK Matrix (ATT&CK v13)

Persistence

  • Create or Modify System Process (T1543): 1
  • Windows Service (T1543.003): 1
  • Boot or Logon Autostart Execution (T1547): 1
  • Registry Run Keys / Startup Folder (T1547.001): 1

Privilege Escalation

  • Create or Modify System Process (T1543): 1
  • Windows Service (T1543.003): 1
  • Boot or Logon Autostart Execution (T1547): 1
  • Registry Run Keys / Startup Folder (T1547.001): 1

Defense Evasion

  • Impair Defenses (T1562): 1
  • Disable or Modify System Firewall (T1562.004): 1
  • Modify Registry (T1112): 1

Discovery

  • Query Registry (T1012): 1
  • System Information Discovery (T1082): 2

Tasks