Overview

overview

10

Static

static

3

0e5c6f334e...19.exe

windows7-x64

10

0e5c6f334e...19.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    0e5c6f334e14a60cb011a38a477a5a2f65550eec5969ea4070ba07d3aed73c19

  • Size

    46KB

  • Sample

    240829-xlds6swdlc

  • MD5

    01d0114059c415bb846b28383bb62932

  • SHA1

    55e4a7f91fb168a5580682135e1b7942d87caab6

  • SHA256

    0e5c6f334e14a60cb011a38a477a5a2f65550eec5969ea4070ba07d3aed73c19

  • SHA512

    20affe0e282b5b3660439f6999adca4f399975b6ad0519cde84b0d0c0b10b228c08539f4f46cb4f908d6364fa1b4b54560fde12d8cf7bc3de35682baed5d2f43

  • SSDEEP

    768:hzOVemXzwd3P2g/o/IWtO9XXxKAXqZn5xEIh4G+Sco/JNFeBWzoTrtSTBdJ4F/JR:ZXmXYqIn9XhKQqZ5xERG+KNF02odS1/W

Score
10/10
njrathackeddiscoveryexecutiontrojan

Malware Config

Extracted

Family

njrat

Version

v2.0

Botnet

HacKed

C2

147.185.221.22:24536

Mutex

Windows

Attributes
  • reg_key

    Windows

  • splitter

    |-F-|

Targets

    • Target

      0e5c6f334e14a60cb011a38a477a5a2f65550eec5969ea4070ba07d3aed73c19

    • Size

      46KB

    • MD5

      01d0114059c415bb846b28383bb62932

    • SHA1

      55e4a7f91fb168a5580682135e1b7942d87caab6

    • SHA256

      0e5c6f334e14a60cb011a38a477a5a2f65550eec5969ea4070ba07d3aed73c19

    • SHA512

      20affe0e282b5b3660439f6999adca4f399975b6ad0519cde84b0d0c0b10b228c08539f4f46cb4f908d6364fa1b4b54560fde12d8cf7bc3de35682baed5d2f43

    • SSDEEP

      768:hzOVemXzwd3P2g/o/IWtO9XXxKAXqZn5xEIh4G+Sco/JNFeBWzoTrtSTBdJ4F/JR:ZXmXYqIn9XhKQqZ5xERG+KNF02odS1/W

    Score
    10/10
    njrathackeddiscoveryexecutiontrojan

    • njRAT/Bladabindi

      Widely used RAT written in .NET.

      trojannjrat

    • Drops startup file

    • Command and Scripting Interpreter: PowerShell

      Using powershell.exe command.

      execution

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks