Overview

overview

10

Static

static

10

Payload.exe

windows10-ltsc 2021-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    Payload.exe

  • Size

    55KB

  • Sample

    241203-jr9wxasjen

  • MD5

    9543a1b2a52c40fa3a2fc33f9b7251de

  • SHA1

    6fde8e48fb74f1860f470f6e0ed1297c5181618e

  • SHA256

    899fe26243b6efab008d442b471a000977f75113589d11cd33c793573c76cf79

  • SHA512

    3f6a08ac664288e192df7deac35a9e27df2e7f96217f53384cc9f1c60af818e478dfe4ef12ea7bee0689bb66f9f74a2dc3989c0365b87fc92eb2046425a05a56

  • SSDEEP

    1536:gjYADn8fLN2/SbxRDD3wsNMD7XExI3pmEm:lADnccqbTDD3wsNMD7XExI3pm

Score
10/10
njratvictimdiscoveryevasionexecutiontrojan

Malware Config

Extracted

Family

njrat

Version

<- NjRAT 0.7d Horror Edition ->

Botnet

Victim

C2

cities-constraints.gl.at.ply.gg:16265

Mutex

02c50d9a6cd2748a3e6820b9ed4d22d1

Attributes
  • reg_key

    02c50d9a6cd2748a3e6820b9ed4d22d1

  • splitter

    Y262SUCZ4UJJ

Targets

    • Target

      Payload.exe

    • Size

      55KB

    • MD5

      9543a1b2a52c40fa3a2fc33f9b7251de

    • SHA1

      6fde8e48fb74f1860f470f6e0ed1297c5181618e

    • SHA256

      899fe26243b6efab008d442b471a000977f75113589d11cd33c793573c76cf79

    • SHA512

      3f6a08ac664288e192df7deac35a9e27df2e7f96217f53384cc9f1c60af818e478dfe4ef12ea7bee0689bb66f9f74a2dc3989c0365b87fc92eb2046425a05a56

    • SSDEEP

      1536:gjYADn8fLN2/SbxRDD3wsNMD7XExI3pmEm:lADnccqbTDD3wsNMD7XExI3pm

    Score
    10/10
    njratdiscoveryevasionexecutiontrojan

    • Njrat family

      njrat

    • njRAT/Bladabindi

      Widely used RAT written in .NET.

      trojannjrat

    • Stops running service(s)

      evasionexecution

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Command and Scripting Interpreter: PowerShell

      Using powershell.exe command.

      execution
    behavioral1

MITRE ATT&CK Enterprise v15

Tasks