General

  • Target

    6c8ba2f55a3d25ebfda02f07ba54cdd7c7a87df66baca9d0af4489d07330168bN

  • Size

    55KB

  • Sample

    240920-rz4zmasbkr

  • MD5

    9530339f7faadc9dad2e337a4c1e8ed0

  • SHA1

    7986598cb1ddf207880f5ae10cd015acbb490d0e

  • SHA256

    6c8ba2f55a3d25ebfda02f07ba54cdd7c7a87df66baca9d0af4489d07330168b

  • SHA512

    6fab07ddd4245e1f726bc969f02e30af4bf8b1581efbd4a446cacd29b2a9b3c9faf27c48193d9e67303792f1594f469d665afea6b9435162189c6ac80061273a

  • SSDEEP

    768:TsNQCP1+t1Man0KI2N+5Sk7J3Q8kSNRmwFvfu0YMDHPsO77XJSxI3pmvm:TBmsDnXN+5Sk9lDIwsNMD5XExI3pmvm

Malware Config

Extracted

Family

njrat

Version

<- NjRAT 0.7d Horror Edition ->

Botnet

Victim

C2

ask-candles.gl.at.ply.gg:7783

Mutex

e1d669080f42a245a7a71468a36728c0

Attributes
  • reg_key

    e1d669080f42a245a7a71468a36728c0

  • splitter

    Y262SUCZ4UJJ

Targets

    • Target

      6c8ba2f55a3d25ebfda02f07ba54cdd7c7a87df66baca9d0af4489d07330168bN

    • njRAT/Bladabindi

      Widely used RAT written in .NET.

    • Drops startup file

    • Adds Run key to start application
