Overview

overview

10

Static

static

1

sample.html

windows10-2004-x64

10

Resubmissions

13-10-2024 22:09

241013-12yp3a1epg 8

23-09-2024 20:35

240923-zc965azepm 3

23-09-2024 20:33

240923-zb633szenn 3

23-09-2024 20:28

240923-y81f5atdmc 10

23-09-2024 20:27

240923-y8sraatdlg 3

23-09-2024 20:27

240923-y8jtdatdlb 3

23-09-2024 20:26

240923-y8b4jazekn 3

23-09-2024 20:22

240923-y51mqazdpr 8

23-09-2024 20:22

240923-y5sbcatcph 4

Sharing

Copy URL
Twitter E-mail

General

  • Target

    sample

  • Size

    12KB

  • Sample

    240923-y81f5atdmc

  • MD5

    0b12663e5ae87a93a8726d938ef5bbf8

  • SHA1

    b53628d0d6db63fc3628146e901fa2ddca94b46d

  • SHA256

    6643f151aed8a65e60aafdd8ed1df99f4142b3cf4ac8f4f2ef41eb88070b13d8

  • SHA512

    9c3d34c587154bad94db1e4084f90f4d6415b7d8869293b74ab1cafb70021a12463fd1f1909ac06ed7407b062fcad33212769f018710081c9729417c59bb7f70

  • SSDEEP

    192:/NX6Gj50qTgymlrU4yD8Idlueh0ng61u+NmRmE5lw23WXX:/mzlrUhD8Idlu2SgT5u2w

Score
10/10
njratdiscoveryevasionexecutionpersistenceprivilege_escalationtrojan

Malware Config

Targets

    • Target

      sample

    • Size

      12KB

    • MD5

      0b12663e5ae87a93a8726d938ef5bbf8

    • SHA1

      b53628d0d6db63fc3628146e901fa2ddca94b46d

    • SHA256

      6643f151aed8a65e60aafdd8ed1df99f4142b3cf4ac8f4f2ef41eb88070b13d8

    • SHA512

      9c3d34c587154bad94db1e4084f90f4d6415b7d8869293b74ab1cafb70021a12463fd1f1909ac06ed7407b062fcad33212769f018710081c9729417c59bb7f70

    • SSDEEP

      192:/NX6Gj50qTgymlrU4yD8Idlueh0ng61u+NmRmE5lw23WXX:/mzlrUhD8Idlu2SgT5u2w

    Score
    10/10
    njratdiscoveryevasionexecutionpersistenceprivilege_escalationtrojan

    • njRAT/Bladabindi

      Widely used RAT written in .NET.

      trojannjrat

    • Blocklisted process makes network request

    • Command and Scripting Interpreter: PowerShell

      Powershell Invoke Web Request.

      execution

    • Downloads MZ/PE file

    • Modifies Windows Firewall

      evasion

    • Drops startup file

    • Executes dropped EXE

    • Adds Run key to start application

      persistence

    • Legitimate hosting services abused for malware hosting/C2

    behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

1
T1059

PowerShell

1
T1059.001

Persistence

Boot or Logon Autostart Execution

1
T1547

Registry Run Keys / Startup Folder

1
T1547.001

Create or Modify System Process

1
T1543

Windows Service

1
T1543.003

Event Triggered Execution

1
T1546

Netsh Helper DLL

1
T1546.007

Privilege Escalation

Boot or Logon Autostart Execution

1
T1547

Registry Run Keys / Startup Folder

1
T1547.001

Create or Modify System Process

1
T1543

Windows Service

1
T1543.003

Event Triggered Execution

1
T1546

Netsh Helper DLL

1
T1546.007

Defense Evasion

Impair Defenses

1
T1562

Disable or Modify System Firewall

1
T1562.004

Modify Registry

1
T1112

Credential Access

Discovery

Browser Information Discovery

1
T1217

Query Registry

3
T1012

System Information Discovery

2
T1082

System Location Discovery

1
T1614

System Language Discovery

1
T1614.001

Lateral Movement

Collection

Command and Control

Web Service

1
T1102

Exfiltration

Impact

Tasks