Overview

overview

10

Static

static

10

47c5387e84...e7.exe

windows7-x64

10

47c5387e84...e7.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    47c5387e8459af563993969200416cae6f9ad30748060c8d952c0ad4d2bae3e7.exe

  • Size

    32KB

  • Sample

    240928-jyb88avflk

  • MD5

    f5556b1489831f2959ac07f9ec3e62ae

  • SHA1

    8f01af126f5f97194300a270e117573079520567

  • SHA256

    47c5387e8459af563993969200416cae6f9ad30748060c8d952c0ad4d2bae3e7

  • SHA512

    c9e861907904cf8261624667567e91b8af4d8f34847259bb662800730edf43e7b78551214c1de58025bd1098c1aec0139cd41fdcd322795d2e8b6040942799c5

  • SSDEEP

    384:3YFaoEU3qeaRsi2ZEdNwXwhFPIC2Tg4wlDvodg9TdFpyFEIGsJjwE7UMcrie48eb:IHtrZEEILhouDbEEIGfR4+f

Score
10/10
njrathacked by hidden persondiscoveryevasionpersistenceprivilege_escalationtrojan

Malware Config

Extracted

Family

njrat

Botnet

Hacked By HiDDen PerSOn

Mutex

10e0199d9f6bf1986ef5592b8c19ee8d

Attributes
  • reg_key

    10e0199d9f6bf1986ef5592b8c19ee8d

Targets

    • Target

      47c5387e8459af563993969200416cae6f9ad30748060c8d952c0ad4d2bae3e7.exe

    • Size

      32KB

    • MD5

      f5556b1489831f2959ac07f9ec3e62ae

    • SHA1

      8f01af126f5f97194300a270e117573079520567

    • SHA256

      47c5387e8459af563993969200416cae6f9ad30748060c8d952c0ad4d2bae3e7

    • SHA512

      c9e861907904cf8261624667567e91b8af4d8f34847259bb662800730edf43e7b78551214c1de58025bd1098c1aec0139cd41fdcd322795d2e8b6040942799c5

    • SSDEEP

      384:3YFaoEU3qeaRsi2ZEdNwXwhFPIC2Tg4wlDvodg9TdFpyFEIGsJjwE7UMcrie48eb:IHtrZEEILhouDbEEIGfR4+f

    Score
    10/10
    njrathacked by hidden persondiscoveryevasionpersistenceprivilege_escalationtrojan

    • njRAT/Bladabindi

      Widely used RAT written in .NET.

      trojannjrat

    • Modifies Windows Firewall

      evasion

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Drops startup file

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

      persistence
    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

1
T1547

Registry Run Keys / Startup Folder

1
T1547.001

Create or Modify System Process

1
T1543

Windows Service

1
T1543.003

Event Triggered Execution

1
T1546

Netsh Helper DLL

1
T1546.007

Privilege Escalation

Boot or Logon Autostart Execution

1
T1547

Registry Run Keys / Startup Folder

1
T1547.001

Create or Modify System Process

1
T1543

Windows Service

1
T1543.003

Event Triggered Execution

1
T1546

Netsh Helper DLL

1
T1546.007

Defense Evasion

Impair Defenses

1
T1562

Disable or Modify System Firewall

1
T1562.004

Modify Registry

1
T1112

Credential Access

Discovery

Query Registry

1
T1012

System Information Discovery

2
T1082

System Location Discovery

1
T1614

System Language Discovery

1
T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks