General

  • Target

    cceba27592ed89ac5aee405a987a8ab20eeaf221d40f5251148b51e8ed47ec0c

  • Size

    11KB

  • Sample

    240419-v12gnsbd6z

  • MD5

    0e638d78dcb4b9cefb9a9d7e2f2b1046

  • SHA1

    45200b33897aaaf0ed9413e37b93fb1b9807a467

  • SHA256

    cceba27592ed89ac5aee405a987a8ab20eeaf221d40f5251148b51e8ed47ec0c

  • SHA512

    ade2dc41d55fb204ee74f90531f9bb79d6461b5ecb5f12e2c2b5e16c5a0ff3bda9188dfe54ae41f0203646b8a5aa9ef1849f1645a199d0fd475d8cdabed7447a

  • SSDEEP

    192:T5vG463iCVvHJpHHNjAw5Ro+TdG3oPEbQEegtmnP3i1HiY9YkoiJZK9XFzTOmfA:T5L23xpHtd3bdCu8mUF6knJZK9XFXfA

Score
10/10

Malware Config

  Extracted

  • Family

    njrat

  • Version

    0.7d

  • Botnet

    max

  • C2

    lafiro8872-20597.portmap.host:20597

  • Mutex

    90784841b8a7d5d70cbd91c29f323ae6

  • Attributes

    • reg_key

      90784841b8a7d5d70cbd91c29f323ae6

    • splitter

      |'|'|

Targets

    • Target

      23910908180a95387a88c69fc0c39f677591cbb39e236c69270c16cde6b0e1f9.exe

    • Size

      23KB

    • MD5

      185798f33dbbe25c3fc48b808ce8460c

    • SHA1

      80034d0bf3444eb14d2a3a1c45e393580c94213c

    • SHA256

      23910908180a95387a88c69fc0c39f677591cbb39e236c69270c16cde6b0e1f9

    • SHA512

      3351f5122fdb9442c73c175449975ffcc3b286e79331c0e4cdf35d814700745d5dba593842222f093ef5e1a129a5b2eca8c0594d4d1a9036519f9a3ed54ab619

    • SSDEEP

      384:yc6CqbFYh3odrVCGiHssDB4b6i6fgpEupNXRmRvR6JZlbw8hqIusZzZ+a:lIU0tw3Rpcnue

    Score
    10/10
    • njRAT/Bladabindi

      Widely used RAT written in .NET.

    • Modifies Windows Firewall

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

MITRE ATT&CK Matrix (ATT&CK v13)

  Tactic                Technique                           ID         Count
  Persistence           Create or Modify System Process     T1543      1
                        Windows Service                     T1543.003  1
  Privilege Escalation  Create or Modify System Process     T1543      1
                        Windows Service                     T1543.003  1
  Defense Evasion       Impair Defenses                     T1562      1
                        Disable or Modify System Firewall   T1562.004  1
  Discovery             Query Registry                      T1012      1
                        System Information Discovery        T1082      2

Tasks