Overview

overview

10

Static

static

10

d5c62e521f...f9.exe

windows7-x64

10

d5c62e521f...f9.exe

windows10-2004-x64

7

Sharing

Copy URL
Twitter E-mail

General

  • Target

    95552ba8792c194f1440f23ab9217b0b9d70105acea152e2b1244a5e22236092

  • Size

    14KB

  • Sample

    240419-vavansae6s

  • MD5

    96699c74fb14d927013bdb47c817360c

  • SHA1

    6964a43a1fe2785f309dc15b57e40f09fccbf526

  • SHA256

    95552ba8792c194f1440f23ab9217b0b9d70105acea152e2b1244a5e22236092

  • SHA512

    50103fa83cf904439aa4f8e1270ba020827c409e144d00a17b9e0c43b380dcb8a7876e10af3b6c92273d2aab3806e1ad1ed665d9d8ec8fb628ec7c6877b4d45a

  • SSDEEP

    384:DvLjzlEBkgtaFPu+BiXVGZJ1qN7keZ3MmvCPWqQrlHC:Dvfzwkgtalu9XYbqqu3tvCPWTrlC

Score
10/10
njrathackedpersistencetrojan

Malware Config

Extracted

Family

njrat

Version

v2.0

Botnet

HacKed

C2

172.20.6.206:1992

Mutex

Windows

Attributes
  • reg_key

    Windows

  • splitter

    |-F-|

Targets

    • Target

      d5c62e521f44e5fc7bc80dd61a163e86405eae49dbbc9101aad6b6261b79abf9.exe

    • Size

      31KB

    • MD5

      a5ad2d1796744144d739569bb466b307

    • SHA1

      42de0164c8cbd9b6c64100de720d2e0c49ebcb77

    • SHA256

      d5c62e521f44e5fc7bc80dd61a163e86405eae49dbbc9101aad6b6261b79abf9

    • SHA512

      45fa09478a871a75f4650a56529632bfddf93990819c6d5212753325305a7946c631076897b13e62297136ae26db064fef701dea23453ea504b4c2517d5e74b9

    • SSDEEP

      384:c8LBBi/W/7mgEp87wYK2GePqZhbM2AQk93vmhm7UMKmIEecKdbXTzm9bVhcaO6fd:5W/sqoHT2A/vMHTi9bD/Qz1n

    Score
    10/10
    njrathackedpersistencetrojan

    • njRAT/Bladabindi

      Widely used RAT written in .NET.

      trojannjrat

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Drops startup file

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

      persistence
    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

1
T1547

Registry Run Keys / Startup Folder

1
T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

1
T1547

Registry Run Keys / Startup Folder

1
T1547.001

Defense Evasion

Modify Registry

1
T1112

Hide Artifacts

1
T1564

Hidden Files and Directories

1
T1564.001

Credential Access

Discovery

Query Registry

1
T1012

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks