General

  • Target

    6c9617e85c454a41a62edc0377352b2f9b4d0b25851da07d714fdef1c9fe80e2N

  • Size

    65KB

  • Sample

    241020-bwtrgs1ckc

  • MD5

    d3f053197868b3c4001138004c289910

  • SHA1

    e5ca96ed39403f5c938c344266e1f4c29f6c25eb

  • SHA256

    6c9617e85c454a41a62edc0377352b2f9b4d0b25851da07d714fdef1c9fe80e2

  • SHA512

    d338aaf568315e556e47fc7bb92abf71f02dd7bfe4135360df746c7ba8b2295c0e241d1695d1c966025ef2b95d04bb616cdcd60636fca0b9fb024adaa8f9a7ae

  • SSDEEP

    1536:+4wkDoN36taQviFw18GV6BnvbRfLteF3nLrB9z3nQaF9bhS9vM:+4wkDoN36taQviFC1EBn1fWl9zAaF9bV

Malware Config

Extracted

Family

njrat

Version

Platinum

Botnet

HacKed

C2

127.0.0.1:6522

Mutex

Client.exe

Attributes
  • reg_key

    Client.exe

  • splitter

    |Ghost|

Targets

    • njRAT/Bladabindi

      Widely used RAT written in .NET.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application
