Overview

overview

10

Static

static

1

sample.html

windows10-2004-x64

10

Resubmissions

13/10/2024, 22:09 UTC

241013-12yp3a1epg 8

23/09/2024, 20:35 UTC

240923-zc965azepm 3

23/09/2024, 20:33 UTC

240923-zb633szenn 3

23/09/2024, 20:28 UTC

240923-y81f5atdmc 10

23/09/2024, 20:27 UTC

240923-y8sraatdlg 3

23/09/2024, 20:27 UTC

240923-y8jtdatdlb 3

23/09/2024, 20:26 UTC

240923-y8b4jazekn 3

23/09/2024, 20:22 UTC

240923-y51mqazdpr 8

23/09/2024, 20:22 UTC

240923-y5sbcatcph 4

Sharing

Copy URL
Twitter E-mail

General

  • Target

    sample

  • Size

    12KB

  • Sample

    240923-y81f5atdmc

  • MD5

    0b12663e5ae87a93a8726d938ef5bbf8

  • SHA1

    b53628d0d6db63fc3628146e901fa2ddca94b46d

  • SHA256

    6643f151aed8a65e60aafdd8ed1df99f4142b3cf4ac8f4f2ef41eb88070b13d8

  • SHA512

    9c3d34c587154bad94db1e4084f90f4d6415b7d8869293b74ab1cafb70021a12463fd1f1909ac06ed7407b062fcad33212769f018710081c9729417c59bb7f70

  • SSDEEP

    192:/NX6Gj50qTgymlrU4yD8Idlueh0ng61u+NmRmE5lw23WXX:/mzlrUhD8Idlu2SgT5u2w

Score
10/10
njratdiscoveryevasionexecutionpersistenceprivilege_escalationtrojan

Malware Config

Targets

    • Target

      sample

    • Size

      12KB

    • MD5

      0b12663e5ae87a93a8726d938ef5bbf8

    • SHA1

      b53628d0d6db63fc3628146e901fa2ddca94b46d

    • SHA256

      6643f151aed8a65e60aafdd8ed1df99f4142b3cf4ac8f4f2ef41eb88070b13d8

    • SHA512

      9c3d34c587154bad94db1e4084f90f4d6415b7d8869293b74ab1cafb70021a12463fd1f1909ac06ed7407b062fcad33212769f018710081c9729417c59bb7f70

    • SSDEEP

      192:/NX6Gj50qTgymlrU4yD8Idlueh0ng61u+NmRmE5lw23WXX:/mzlrUhD8Idlu2SgT5u2w

    Score
    10/10
    njratdiscoveryevasionexecutionpersistenceprivilege_escalationtrojan

    • njRAT/Bladabindi

      Widely used RAT written in .NET.

      trojannjrat

    • Blocklisted process makes network request

    • Command and Scripting Interpreter: PowerShell

      Powershell Invoke Web Request.

      execution

    • Downloads MZ/PE file

    • Modifies Windows Firewall

      evasion

    • Drops startup file

    • Executes dropped EXE

    • Adds Run key to start application

      persistence

    • Legitimate hosting services abused for malware hosting/C2

    behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

1
T1059

PowerShell

1
T1059.001

Persistence

Boot or Logon Autostart Execution

1
T1547

Registry Run Keys / Startup Folder

1
T1547.001

Create or Modify System Process

1
T1543

Windows Service

1
T1543.003

Event Triggered Execution

1
T1546

Netsh Helper DLL

1
T1546.007

Privilege Escalation

Boot or Logon Autostart Execution

1
T1547

Registry Run Keys / Startup Folder

1
T1547.001

Create or Modify System Process

1
T1543

Windows Service

1
T1543.003

Event Triggered Execution

1
T1546

Netsh Helper DLL

1
T1546.007

Defense Evasion

Impair Defenses

1
T1562

Disable or Modify System Firewall

1
T1562.004

Modify Registry

1
T1112

Credential Access

Discovery

Browser Information Discovery

1
T1217

Query Registry

3
T1012

System Information Discovery

2
T1082

System Location Discovery

1
T1614

System Language Discovery

1
T1614.001

Lateral Movement

Collection

Command and Control

Web Service

1
T1102

Exfiltration

Impact

Tasks

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.