Overview

overview

10

Static

static

3

2e29fc015c...b4.exe

windows7-x64

10

2e29fc015c...b4.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    2e29fc015c30f726fb2c8fe8a687638cd523ceeb51a79d068b45cd61ac1b00b4.exe

  • Size

    39KB

  • Sample

    241128-q62x6szjbw

  • MD5

    b7bfb490147c56a3f3480101df954fa9

  • SHA1

    faaf01d73a5c7e7a65c9553c1e9ff0d7256a2624

  • SHA256

    2e29fc015c30f726fb2c8fe8a687638cd523ceeb51a79d068b45cd61ac1b00b4

  • SHA512

    277ddfdb46fc81f00a76dc765562728737918b6f2f50def5d5201c730350c9c74a1632a3f6c884e7984271b088e6dd713763e6d856ceaf3819a63b07c5db9ee9

  • SSDEEP

    768:VvASIisql251c6opnV0jZJ/s8B8RnVMZ8pBz3bdHUCRKSBsL+DEplyLnEI:inql2ncFpngZFsrKcZRKSCL+D+w9

Score
10/10
njratlosharapersistencetrojan

Malware Config

Extracted

Family

njrat

Version

Platinum

Botnet

loshara

C2

127.0.0.1:80

Mutex

Client.exe

Attributes
  • reg_key

    Client.exe

  • splitter

    |Ghost|

Targets

    • Target

      2e29fc015c30f726fb2c8fe8a687638cd523ceeb51a79d068b45cd61ac1b00b4.exe

    • Size

      39KB

    • MD5

      b7bfb490147c56a3f3480101df954fa9

    • SHA1

      faaf01d73a5c7e7a65c9553c1e9ff0d7256a2624

    • SHA256

      2e29fc015c30f726fb2c8fe8a687638cd523ceeb51a79d068b45cd61ac1b00b4

    • SHA512

      277ddfdb46fc81f00a76dc765562728737918b6f2f50def5d5201c730350c9c74a1632a3f6c884e7984271b088e6dd713763e6d856ceaf3819a63b07c5db9ee9

    • SSDEEP

      768:VvASIisql251c6opnV0jZJ/s8B8RnVMZ8pBz3bdHUCRKSBsL+DEplyLnEI:inql2ncFpngZFsrKcZRKSCL+D+w9

    Score
    10/10
    njratlosharapersistencetrojan

    • Njrat family

      njrat

    • njRAT/Bladabindi

      Widely used RAT written in .NET.

      trojannjrat

    • Drops startup file

    • Adds Run key to start application

      persistence
    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks