General

  • Target

    9e35ed09d72c4f30704f9a595755846e.zip

  • Size

    83KB

  • Sample

    240831-sy76bs1elq

  • MD5

    440905648f7aaf4af4a213182f36485b

  • SHA1

    219cc503cfb35ddee9916dfc354e3ce028541e84

  • SHA256

    452c9de2993f7c26678c81bef5f0c305a2c8484ecf0ac9536ed265cfeb2c2390

  • SHA512

    9a2b257ce84ecd55840c8fb5c682d910aa5b14e537bfa9ca16dd1dce40b40f490d14bcb75fc7837dcf757657a43b30a39c33fd5e94a8c390cc15add5d83a1f2e

  • SSDEEP

    1536:pj0idOZrbXntmsBSQVTNaZWxpeshA/C/2U4IB5J+Cp+hX4JVMe9y0Zs:pIDtVnlNaZWr6/C/9PLJsvDKs

Malware Config

Extracted

Family

njrat

Version

0.7d

Botnet

HacKed

C2

sniper7ghost.hopto.org:1177

Mutex

5479dc3981e26ffd0dd086d244c46392

Attributes

  • reg_key

    5479dc3981e26ffd0dd086d244c46392

  • splitter

    |'|'|

Targets

    • Target

      12b6c4aca8af6a0bf15e9278d47a66ef8c7f2772e4b5e863e6bb64289dd47837

    • Size

      120KB

    • MD5

      9e35ed09d72c4f30704f9a595755846e

    • SHA1

      ae793f91198f294e045d3ebae172a3e49153613d

    • SHA256

      12b6c4aca8af6a0bf15e9278d47a66ef8c7f2772e4b5e863e6bb64289dd47837

    • SHA512

      a62d55cd6d124ead3136b938af63d5eaa97d9eccc2a184357523d29eb1e5405346192d5541d419a6fe6842d9ef721a11d3da981c46608ada382ddd02c09fd502

    • SSDEEP

      3072:3Jki7jvtWHvqueH+08lWwftVLWYTwKeItbgQQ4w4qEV:ainvtCSxolWqLt0Kjbc4DqE

    • njRAT/Bladabindi

      Widely used RAT written in .NET.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence.

    • Executes dropped EXE

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks