General

  • Target: 3a33929b7a057fe0192bf91aa7c26eb312ef1b1653d106e85c329aa52b0b001b
  • Size: 11KB
  • Sample: 240419-v8chhsbf8w
  • MD5: b502720eb0645a6aa0e5915b2dc7a006
  • SHA1: 775e5961a1cb4421d22282795f5dd4800e687ed4
  • SHA256: 3a33929b7a057fe0192bf91aa7c26eb312ef1b1653d106e85c329aa52b0b001b
  • SHA512: 847f693c8f8ee17254b722c75e9615f8862e5ba09b9def467ba953be6c15c873640bd489cc44c160a815fdc27ce36601e8a80cf8a15ca9dd30b8bf8be5fee280
  • SSDEEP: 192:QKA1F7gTjuiPpl4JNu09geWtOMUa/ucXpDFDb5VZFeHozxB5V2jHHsWsvlknqWvs:DdTjusG9b8jUKNDF5VZcIz/KjHFA8hbO

Malware Config

Extracted

  • Family: njrat
  • Version: 0.7d
  • Botnet: HacKed
  • C2: fallenvrsdo7ne.ddns.net:1177
  • Mutex: 5a1dceb696560575497ef5faf4d00de1

Attributes

  • reg_key: 5a1dceb696560575497ef5faf4d00de1
  • splitter: |'|'|

Targets

    • Target: bc77b4592acc8dc3708179fd8719405271052addb074c04db57f0f1699e77708.exe
    • Size: 23KB
    • MD5: 9df2b193396f5be4c1636b0619362ec6
    • SHA1: 91803a123fa7ceb1359c797a98632208bc4597d9
    • SHA256: bc77b4592acc8dc3708179fd8719405271052addb074c04db57f0f1699e77708
    • SHA512: bf81c77d2c5528a835721d3d70dabf030a37573dc8c5a1b4cb9a1b714bd66fde4e279881f8783d765c60d6cc279406d0ab7af9028974f2a750088e01bafdd578
    • SSDEEP: 384:qY324bcgPiJLQrfARGSRUJsbY6ZgvSMBD3t8mRvR6JZlbw8hqIusZzZb/xP:9L2s+tRyRpcnuQJP

    • njRAT/Bladabindi
      Widely used RAT written in .NET.
    • Modifies Windows Firewall
    • Checks computer location settings
      Looks up country code configured in the registry, likely geofence.
    • Drops startup file
    • Executes dropped EXE
    • Loads dropped DLL
    • Adds Run key to start application

MITRE ATT&CK Matrix ATT&CK v13

Persistence
  Create or Modify System Process (T1543): 1
    Windows Service (T1543.003): 1
  Boot or Logon Autostart Execution (T1547): 1
    Registry Run Keys / Startup Folder (T1547.001): 1

Privilege Escalation
  Create or Modify System Process (T1543): 1
    Windows Service (T1543.003): 1
  Boot or Logon Autostart Execution (T1547): 1
    Registry Run Keys / Startup Folder (T1547.001): 1

Defense Evasion
  Impair Defenses (T1562): 1
    Disable or Modify System Firewall (T1562.004): 1
  Modify Registry (T1112): 1

Discovery
  Query Registry (T1012): 1
  System Information Discovery (T1082): 2

Tasks