Overview

overview

10

Static

static

3

d686eea679...53.exe

windows7-x64

10

d686eea679...53.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    d686eea6799ac67ee8cea974dbd4e905e45ae26c99b26ad5dd9cd7edfffd8853.exe

  • Size

    111KB

  • Sample

    241123-k3hggaslbz

  • MD5

    a20ba3c8836501dd15c9d97e2ef5da7e

  • SHA1

    5274efafdbd4eb7cc83f07f91121300dd8efb376

  • SHA256

    d686eea6799ac67ee8cea974dbd4e905e45ae26c99b26ad5dd9cd7edfffd8853

  • SHA512

    4646b9eaed101fcb04e8f15f6b776244c2eb0f093de933ce286b24d3a5face49be718356119badeb868045212654c8c5f0b13a377ab2006eb7954a00c5b6e565

  • SSDEEP

    1536:C8OCPjUq4QRwDBWtTcnNzmWb3Aq3Gh5nRdWKA3oM6y:C8yq4gwDBWtTcBrbLGmKAYM6y

Score
10/10
njrathackeddiscoverytrojan

Malware Config

Extracted

Family

njrat

Version

0.7d

Botnet

HacKed

C2

192.168.11.141:5552

Mutex

78aba1c78ff26f1db3f972471aed1aa2

Attributes
  • reg_key

    78aba1c78ff26f1db3f972471aed1aa2

  • splitter

    |'|'|

Targets

    • Target

      d686eea6799ac67ee8cea974dbd4e905e45ae26c99b26ad5dd9cd7edfffd8853.exe

    • Size

      111KB

    • MD5

      a20ba3c8836501dd15c9d97e2ef5da7e

    • SHA1

      5274efafdbd4eb7cc83f07f91121300dd8efb376

    • SHA256

      d686eea6799ac67ee8cea974dbd4e905e45ae26c99b26ad5dd9cd7edfffd8853

    • SHA512

      4646b9eaed101fcb04e8f15f6b776244c2eb0f093de933ce286b24d3a5face49be718356119badeb868045212654c8c5f0b13a377ab2006eb7954a00c5b6e565

    • SSDEEP

      1536:C8OCPjUq4QRwDBWtTcnNzmWb3Aq3Gh5nRdWKA3oM6y:C8yq4gwDBWtTcBrbLGmKAYM6y

    Score
    10/10
    njrathackeddiscoverytrojan

    • Njrat family

      njrat

    • njRAT/Bladabindi

      Widely used RAT written in .NET.

      trojannjrat

    • Uses the VBS compiler for execution

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks