General

  • Target

    731094233c490cbf7562f7e84e0bc99052e3d74adf315a22be30377800dbd2ca

  • Size

    3.5MB

  • Sample

    240523-243x8sch44

  • MD5

    776741bc808602c987aba9cc5efd69cd

  • SHA1

    50f8b6523c0722e36cfb48565fea8206bfdae18c

  • SHA256

    731094233c490cbf7562f7e84e0bc99052e3d74adf315a22be30377800dbd2ca

  • SHA512

    a2eb805f4a53d2c47371a60369c4d8892b45221c845ce7214675d09610b45964a72fe1e268228807a9011ffd28e11fda8a5ca32d1cd412942931a703a38dcb2c

  • SSDEEP

    49152:iaNR9UiP8mqlTlIt5olidaPIHMbq0GsoPeBMjTl+qK33x/:i49UrtnIE5wsbbomCPhKR

Malware Config

Targets

    • njRAT/Bladabindi

      Widely used RAT written in .NET.

    • Checks computer location settings

      Looks up the country code configured in the registry, most likely as a geofence check before the payload runs.

    • Drops startup file

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Legitimate hosting services abused for malware hosting/C2
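
The signatures above are behavioural, so the practical question for a defender is how each one shows up in telemetry and which ATT&CK technique it maps to. The script below is an added example, not part of the report or of the sandbox's own detection logic: it replays a constructed, njRAT-style event trace (the event schema, file paths, process names and the list of abused hosting domains are all assumptions for the demo) and emits a hit for every behaviour the report lists, tagged with the technique ID the matrix uses. Dropped-file tracking is stateful, so "Executes dropped EXE" and "Loads dropped DLL" only fire for files the trace itself wrote.

```python
"""Replay a sandbox-style event trace and flag the behaviours listed in the
report above, tagging each with the ATT&CK technique from the matrix.

Added example, not part of the report.  The event schema, process names,
paths and the hosting-service list below are assumptions made for the demo.
"""
import re

# Autostart locations behind "Adds Run key" / "Drops startup file" (T1547.001).
RUN_KEY_RE = re.compile(r"\\Microsoft\\Windows\\CurrentVersion\\Run(Once)?$",
                        re.IGNORECASE)
STARTUP_DIR_RE = re.compile(r"\\Start Menu\\Programs\\Startup\\", re.IGNORECASE)
# Country-code lookup behind "Checks computer location settings" (T1012).
GEO_KEY_RE = re.compile(r"\\Control Panel\\International(\\Geo)?$", re.IGNORECASE)
# Services commonly abused for payload hosting or C2 (T1102).  Assumed list;
# the report does not name the service it observed.
HOSTING_DOMAINS = ("pastebin.com", "github.com", "discordapp.com", "dropbox.com")


def analyse(events):
    """Return a list of (signature, technique_id, detail) hits in first-seen order.

    `events` is an iterable of dicts with a "type" key.  Paths written during
    the trace are remembered so that "Executes dropped EXE" and "Loads dropped
    DLL" only fire for files the sample itself created, not for any EXE/DLL.
    """
    dropped = set()   # lower-cased paths created during the trace
    hits = []

    def add(sig, tech, detail):
        h = (sig, tech, detail)
        if h not in hits:
            hits.append(h)

    for ev in events:
        kind = ev["type"]
        if kind == "file_create":
            path = ev["path"]
            dropped.add(path.lower())
            if STARTUP_DIR_RE.search(path):
                add("Drops startup file", "T1547.001", path)
        elif kind == "reg_set":
            if RUN_KEY_RE.search(ev["key"]):
                add("Adds Run key to start application", "T1547.001",
                    ev["key"] + "\\" + ev["value_name"])
        elif kind == "reg_query":
            if GEO_KEY_RE.search(ev["key"]):
                add("Checks computer location settings", "T1012",
                    ev["key"] + "\\" + ev["value_name"])
        elif kind == "process_create":
            image, cmdline = ev["image"], ev.get("cmdline", "")
            if image.lower() in dropped:
                add("Executes dropped EXE", None, image)
            if image.lower().endswith("\\schtasks.exe") and "/create" in cmdline.lower():
                add("Scheduled task created", "T1053", cmdline)
        elif kind == "image_load":
            if ev["path"].lower() in dropped:
                add("Loads dropped DLL", None, ev["path"])
        elif kind == "dns":
            host = ev["host"].lower()
            if any(host == d or host.endswith("." + d) for d in HOSTING_DOMAINS):
                add("Legitimate hosting services abused for malware hosting/C2",
                    "T1102", host)
    return hits


def technique_counts(hits):
    """Collapse hits into {technique_id: number_of_signatures}, the way the
    matrix's Count column does; signatures with no mapping are skipped."""
    counts = {}
    for _sig, tech, _detail in hits:
        if tech is not None:
            counts[tech] = counts.get(tech, 0) + 1
    return counts


# Constructed trace (not from the report) modelling an njRAT-style run:
# geofence check, self-copy to AppData, two autostart entries, re-launch,
# a dropped DLL being loaded, a scheduled task, and a beacon to a paste site.
SAMPLE_TRACE = [
    {"type": "process_create", "pid": 4120, "image": r"C:\Users\u\Desktop\sample.exe",
     "cmdline": "sample.exe"},
    {"type": "reg_query", "pid": 4120, "key": r"HKCU\Control Panel\International\Geo",
     "value_name": "Nation"},
    {"type": "file_create", "pid": 4120, "path": r"C:\Users\u\AppData\Roaming\svchost.exe"},
    {"type": "file_create", "pid": 4120,
     "path": r"C:\Users\u\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\svchost.lnk"},
    {"type": "reg_set", "pid": 4120, "key": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run",
     "value_name": "svchost", "data": r"C:\Users\u\AppData\Roaming\svchost.exe"},
    {"type": "process_create", "pid": 4988, "image": r"C:\Users\u\AppData\Roaming\svchost.exe",
     "cmdline": "svchost.exe"},
    {"type": "file_create", "pid": 4988, "path": r"C:\Users\u\AppData\Roaming\helper.dll"},
    {"type": "image_load", "pid": 4988, "path": r"C:\Users\u\AppData\Roaming\helper.dll"},
    {"type": "process_create", "pid": 5004, "image": r"C:\Windows\System32\schtasks.exe",
     "cmdline": r'schtasks /create /sc minute /mo 1 /tn svchost /tr "C:\Users\u\AppData\Roaming\svchost.exe"'},
    {"type": "dns", "pid": 4988, "host": "pastebin.com"},
    # Benign noise: a registry read that must not trigger the geofence rule.
    {"type": "reg_query", "pid": 4988, "key": r"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion",
     "value_name": "ProductName"},
]

if __name__ == "__main__":
    found = analyse(SAMPLE_TRACE)
    for sig, tech, detail in found:
        print(f"{tech or '-':10} {sig}: {detail}")
    print(technique_counts(found))
```

The same rule set can be pointed at real telemetry by adapting only the event loader: Sysmon event IDs 1, 7, 11 and 13 carry the process, image-load, file-create and registry-set data used here, while the registry read behind the geofence check is only visible in an API trace, since Sysmon does not log registry reads.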

MITRE ATT&CK Matrix (ATT&CK v13)

Count is the number of report signatures mapped to each technique; sub-techniques are indented under their parent technique.

Tactic                Technique                              Count  ID
--------------------  -------------------------------------  -----  ---------
Execution             Scheduled Task/Job                         1  T1053
Persistence           Boot or Logon Autostart Execution          1  T1547
                        Registry Run Keys / Startup Folder       1  T1547.001
                      Scheduled Task/Job                         1  T1053
Privilege Escalation  Boot or Logon Autostart Execution          1  T1547
                        Registry Run Keys / Startup Folder       1  T1547.001
                      Scheduled Task/Job                         1  T1053
Defense Evasion       Modify Registry                            1  T1112
Discovery             Query Registry                             1  T1012
                      System Information Discovery               2  T1082
Command and Control   Web Service                                1  T1102

Tasks