Overview

overview

10

Static

static

1

URLScan

urlscan

1

https://bazaar.abuse...

windows11-21h2-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    https://bazaar.abuse.ch/

  • Sample

    240911-cz7m7ayhjc

Score
10/10
njratvictimdiscoveryevasionpersistenceprivilege_escalationtrojanupx

Malware Config

Extracted

Family

njrat

Version

0.7d

Botnet

Victim

C2

hakim32.ddns.net:2000

0.tcp.eu.ngrok.io:11348

Mutex

06b22b2a8c6c511de75528741425ba83

Attributes
  • reg_key

    06b22b2a8c6c511de75528741425ba83

  • splitter

    |'|'|

Targets

    • Target

      https://bazaar.abuse.ch/

    Score
    10/10
    njratvictimdiscoveryevasionpersistenceprivilege_escalationtrojanupx

    • njRAT/Bladabindi

      Widely used RAT written in .NET.

      trojannjrat

    • Disables Task Manager via registry modification

      evasion

    • Modifies Windows Firewall

      evasion

    • Drops startup file

    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx

    • Legitimate hosting services abused for malware hosting/C2

    • Drops autorun.inf file

      Malware can abuse Windows Autorun to spread further via attached volumes.

    • Drops file in System32 directory

    behavioral1

MITRE ATT&CK Enterprise v15

Tasks