Overview

overview

10

Static

static

7

BO2 Destin...al.exe

windows10-2004-x64

10

MetroFramework.dll

windows10-2004-x64

1

PS3Lib.dll

windows10-2004-x64

1

Sharing

Copy URL Twitter E-mail

General

  • Target

    BO2 Destiny CRAK By Nice Tutorial.rar

  • Size

    636KB

  • Sample

    240903-bp3e2ssgpm

  • MD5

    ad4b9caffd476cc7ebf8d8110e0ce4cf

  • SHA1

    58257d0c048dcd67629716d0d031c0d2b8d04dc4

  • SHA256

    89f5228a44831406867a425dd8315bea802df8fadb84c3add2e4e30f0d739cb2

  • SHA512

    10e68362444e5ccb5a09a669d724abc9e7de70d463f4696c8d5f4148551ec33d77962b2263518bca13a57b50a2dde92bc97867bdd7147c3c7c02c9b042d9e703

  • SSDEEP

    12288:wHZlbPyVNpKamsm+dWhI9MUghrpnXCuFTkUaWp/T2UPAPYGyBGKi/:wb+wKm+YO99KrVSuFQUay/3BGf/

Score
10/10
njrathackedagilenetevasionpersistenceprivilege_escalationtrojan

Malware Config

Extracted

Family

njrat

Version

im523

Botnet

HacKed

C2

GoogleChromeServer.ddns.net:7777

Mutex

fffdfaa66ba1e7c60e37f984374eb2b4

Attributes
  • reg_key

    fffdfaa66ba1e7c60e37f984374eb2b4

  • splitter

    |'|'|

Targets

    • Target

      BO2 Destiny CRAK By Nice Tutorial.exe

    • Size

      290KB

    • MD5

      0334d91acae1fd486041114e1412a5c5

    • SHA1

      913f48c32a9ee734475638e0830f038cfa0abd9f

    • SHA256

      f5d807a8dd24d15bb164528e7141f2daa80f3464e3e1f3b5088ec5829cc40f99

    • SHA512

      227b3a1ef30f00d065c042d5a11c5f8c4a0f27aab4dda452a52dcd7e90b5d91584642abac0fbcdf0bdc3111cd86e4cb7f2f95e383fdbcb5699ac3747459ef192

    • SSDEEP

      3072:fWqRgWra/a47L75pOOwaUOdFy8apU2sA7Po83QOM/JLt2hEdNCMJqkase0m2jobT:fm1CvxsA7PBmpt28NCxktM2job

    Score
    10/10
    njrathackedevasionpersistenceprivilege_escalationtrojan

    • njRAT/Bladabindi

      Widely used RAT written in .NET.

      trojannjrat

    • Modifies Windows Firewall

      evasion

    • Drops startup file

    • Adds Run key to start application

      persistence

    • Drops autorun.inf file

      Malware can abuse Windows Autorun to spread further via attached volumes.

    behavioral1

    • Target

      MetroFramework.dll

    • Size

      133KB

    • MD5

      a3a380676711eac89f67e0043c21b5d6

    • SHA1

      587c765dc3ca8d3ea2fa55b9f227cef284287522

    • SHA256

      c23cdacb0de78c5c6e8a1dde085cca1bf8261d3b90dac39379a4ac4518d212d1

    • SHA512

      98a8a6741fce19d7817e412d0d2fbe772d8fbda527a3f3a56ddce8dec0bcd23c6e0755402ad816af089f50fdd7b33bd8d834f3af6beb85dbff53830b5c130697

    • SSDEEP

      1536:evymZ39Uy6/ZDJALk8TWPdQNqUkkNZ8TS3SAqAxi0P77jRnZcHe+YNb:wJ/D6/lJAL4kqUZNMS371xi0DRFtb

    Score
    1/10
    behavioral2

    • Target

      PS3Lib.dll

    • Size

      475KB

    • MD5

      e2591c9be92cd8f098027885306833aa

    • SHA1

      99f4bef5ab9d4034cfa5e4d3f2eba83c8038eba4

    • SHA256

      f7e015454587c29aff65c82569e629955eb5e52a3a85b4f3677f9f1bc8ab7500

    • SHA512

      68c55f8d07d1aa15f8216b2c2c7512cb88d4f92666295a8a84db46b30ac40cb6c4e774650bf41885aff31cc8d49709a05eb5dde2503864354d9c8b0e57f375b6

    • SSDEEP

      12288:EBM6SzxGSkeNItOGWpvSmimrdh+SZqTSm:WEx5StOGQSyBh+SGx

    Score
    1/10
    behavioral3

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Replication Through Removable Media

1
T1091

Execution

Persistence

Boot or Logon Autostart Execution

1
T1547

Registry Run Keys / Startup Folder

1
T1547.001

Create or Modify System Process

1
T1543

Windows Service

1
T1543.003

Event Triggered Execution

1
T1546

Netsh Helper DLL

1
T1546.007

Privilege Escalation

Boot or Logon Autostart Execution

1
T1547

Registry Run Keys / Startup Folder

1
T1547.001

Create or Modify System Process

1
T1543

Windows Service

1
T1543.003

Event Triggered Execution

1
T1546

Netsh Helper DLL

1
T1546.007

Defense Evasion

Impair Defenses

1
T1562

Disable or Modify System Firewall

1
T1562.004

Modify Registry

1
T1112

Credential Access

Discovery

Peripheral Device Discovery

1
T1120

Query Registry

1
T1012

System Information Discovery

1
T1082

Lateral Movement

Replication Through Removable Media

1
T1091

Collection

Command and Control

Exfiltration

Impact

Tasks