Overview

overview

10

Static

static

3

6ce8efa0c3...8N.exe

windows7-x64

10

6ce8efa0c3...8N.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    6ce8efa0c356175ec325222640b538549af72ca2c0bef6fcc5e3b1027a000418N.exe

  • Size

    123KB

  • Sample

    240924-y246qstbmp

  • MD5

    41d1c7d9dcc31393e057ba08ada65e00

  • SHA1

    7c7408dffcba00330bac9263fc3107aaf39d61d8

  • SHA256

    6ce8efa0c356175ec325222640b538549af72ca2c0bef6fcc5e3b1027a000418

  • SHA512

    cf850f70f8833839b4bb003fd88dad34f3d65bea93fcd56f4c9a77ce67b9b796f271d356370b6a8cdd84daa5c3bef037b598d5cb7f574442c864960f660227f0

  • SSDEEP

    3072:RjWcbx8WCXy1TTinDyoR5/mN2j9uV02GGsA47d:RzqWCX+A+c

Score
10/10
njrathackedevasionpersistenceprivilege_escalationtrojan

Malware Config

Extracted

Family

njrat

Version

im523

Botnet

HacKed

C2

19.ip.gl.ply.gg:42443

Mutex

c1f77453d4f3d154f8c1eedb0473faf9

Attributes
  • reg_key

    c1f77453d4f3d154f8c1eedb0473faf9

  • splitter

    |'|'|

Targets

    • Target

      6ce8efa0c356175ec325222640b538549af72ca2c0bef6fcc5e3b1027a000418N.exe

    • Size

      123KB

    • MD5

      41d1c7d9dcc31393e057ba08ada65e00

    • SHA1

      7c7408dffcba00330bac9263fc3107aaf39d61d8

    • SHA256

      6ce8efa0c356175ec325222640b538549af72ca2c0bef6fcc5e3b1027a000418

    • SHA512

      cf850f70f8833839b4bb003fd88dad34f3d65bea93fcd56f4c9a77ce67b9b796f271d356370b6a8cdd84daa5c3bef037b598d5cb7f574442c864960f660227f0

    • SSDEEP

      3072:RjWcbx8WCXy1TTinDyoR5/mN2j9uV02GGsA47d:RzqWCX+A+c

    Score
    10/10
    njrathackedevasionpersistenceprivilege_escalationtrojan

    • njRAT/Bladabindi

      Widely used RAT written in .NET.

      trojannjrat

    • Modifies Windows Firewall

      evasion
    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks