General

  • Target

    4a6fd719619ff72fa045f8fe1c386407d5819d321819119ffb5908bc40626865.exe

  • Size

    252KB

  • Sample

    240524-mxh7xsed46

  • MD5

    6dc9f85dc63d88d82305ee118a6dc35b

  • SHA1

    0ad2a307a342ddf2f5f24f6ef80bffcc51bf912f

  • SHA256

    4a6fd719619ff72fa045f8fe1c386407d5819d321819119ffb5908bc40626865

  • SHA512

    a051cbbf93e2854d4b4249c013606f6ac20a4d50cbdf597786e006d739cf78454eb0f0ca0bc4a3a8e102143cb9cfcd09b0d3aa184c6874a554fba8bba912d64c

  • SSDEEP

    6144:bnx1pFOA758zGjdZAxlhGLnv4LNStRpRzAtpJkWl:DOA18zGuGDARSzAXl

Malware Config

Extracted

  • Family

    njrat

  • Version

    0.6.4

  • Botnet

    HacKed

  • C2

    snopi.ddns.net:9100

  • Mutex

    5bfa04bf4e1b1b13538ee68039ccfeba

Attributes
  • reg_key

    5bfa04bf4e1b1b13538ee68039ccfeba

  • splitter

    |'|'|

Targets

    • Target

      4a6fd719619ff72fa045f8fe1c386407d5819d321819119ffb5908bc40626865.exe

    • njRAT/Bladabindi

      Widely used RAT written in .NET.

    • Modifies Windows Firewall

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Target

      ..exe

    • Size

      97KB

    • MD5

      6b2f9bd816a587fc95b180165fc2de52

    • SHA1

      883d0273809933c3f1c8c3028a3292a6b6b685a3

    • SHA256

      3e724526d13e04bd577505dca03ce99a84ec6b51997b08bcb91b998ef724f5ec

    • SHA512

      1b588c9ab8251c0f7389944cc9ba79c2ff17c37c1824743e06f0634c1a159835b3744b1a6e8718e1c2594832a913d657cb7d35b4eb7faed613f5e0fced8d1cea

    • SSDEEP

      1536:39YrtUwWH5c+gEfNmZbmLMxA6uNua+QO/OTz/3rn47sBtNW98dtaVZaR/J1fHw0U:3OrxI5PmxDuNuNQ+4YY97g

    • njRAT/Bladabindi

      Widely used RAT written in .NET.

    • Modifies Windows Firewall

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Target

      fb.exe

    • Size

      348KB

    • MD5

      e4ef92e29a8783494b782f36b4945197

    • SHA1

      f8cbd43814bee27349e88aec712c15fd5f8827e5

    • SHA256

      934a506ab96759ed32ba1d0bd73191f0369b90af62ad52a934f577e5d1823161

    • SHA512

      a1c38125b841e23223c7daf4230a6c4cfdec9dfef7d7a986ab6b037ba9de0be3744f6f53d24aa1ae03451ff7848695f33fb5effe8da3d5e455f3e630b54a4187

    • SSDEEP

      6144:fKqOvPVDIpw5pfYRVjwKQvEAp38cy6HqxqOFh4IDH2u8:SXpfYXjwKQvacyr/DW

    Score
    1/10
