General

  • Target

    0758e53d6b07251f297cc0bec963439af0e26e46e8878660514eb3befdc89b1d

  • Size

    14KB

  • Sample

    240831-j4nt7stfla

  • MD5

    0eeb5e0ebdc755ffdf4a982637254920

  • SHA1

    841bf32a144d88646ca24bf4af62c09894d27db0

  • SHA256

    0758e53d6b07251f297cc0bec963439af0e26e46e8878660514eb3befdc89b1d

  • SHA512

    4d098cb447cde0771ebd26698f41e7b6101d00e0b8500dbd0f227cb091c36f29420faecdba2565b33b99f5eb7302daaed90c42eb15d42d8cba68a5ff39496389

  • SSDEEP

    384:pHAUB8+KSJu+JXf6IG1Kbg3ZV3c5/0NZJapPcknV:pNZX+1KbEVFaKknV

Malware Config

Extracted

Family

njrat

Version

0.6.4

Botnet

WeSt-K.S.A @

C2

127.0.0.1:5551

Mutex

0f436963af986f0915e6f175d79d7302

Attributes
  • reg_key

    0f436963af986f0915e6f175d79d7302

  • splitter

    |'|'|

Targets

    • Target

      5a37df41c699de4db40cce4ccb3bd9388a1cfb9691b803572effd6bf01a42514

    • Size

      33KB

    • MD5

      ba992f195c2a1517afe0bddd513459e5

    • SHA1

      d148b93b652cf051263d030c66ec3bd0e8926267

    • SHA256

      5a37df41c699de4db40cce4ccb3bd9388a1cfb9691b803572effd6bf01a42514

    • SHA512

      9131ab7296b5f75be286cb52fcb9fa429b5637bb0332fb9fbd7e838b74277b8a9af8f8d6db6c3f161efa82f7d6df75397a46e7e00a2028ab5f5766f542218c28

    • SSDEEP

      768:PnKR7bUw2C/o26qupedBKh0p29SgRK15:vY7b2f/+KhG29jK15

    • njRAT/Bladabindi

      Widely used RAT written in .NET.

    • Modifies Windows Firewall
