Overview

overview

10

Static

static

3

New Project 1.exe

windows11-21h2-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    New Project 1.exe

  • Size

    5.3MB

  • Sample

    250122-xz3dpasjgl

  • MD5

    b6f0198be0dd6b37cae764d9a969366e

  • SHA1

    aa8d5622aea5a0024f54d70f873fb3e8d32bfa13

  • SHA256

    49799902857cfb628defc1c4af547d271b368814642204fbfee93e642c4b50bc

  • SHA512

    92da3f546e5435cda93fd910c9e294849b67ebfa941d7522efc50f38aa04c9510378f66387eee404c11ff60d1b5cab51bd16cb5186476965ca5fd891035cc513

  • SSDEEP

    98304:aj2Q5odAGY95wpWB8GHfHSw5h8mO05cVlOqV1Kmw9m:Q1ipWqG/N5TRqfKmw9

Score
10/10
njratdefense_evasiondiscoverypersistenceprivilege_escalationtrojanupx

Malware Config

Targets

    • Target

      New Project 1.exe

    • Size

      5.3MB

    • MD5

      b6f0198be0dd6b37cae764d9a969366e

    • SHA1

      aa8d5622aea5a0024f54d70f873fb3e8d32bfa13

    • SHA256

      49799902857cfb628defc1c4af547d271b368814642204fbfee93e642c4b50bc

    • SHA512

      92da3f546e5435cda93fd910c9e294849b67ebfa941d7522efc50f38aa04c9510378f66387eee404c11ff60d1b5cab51bd16cb5186476965ca5fd891035cc513

    • SSDEEP

      98304:aj2Q5odAGY95wpWB8GHfHSw5h8mO05cVlOqV1Kmw9m:Q1ipWqG/N5TRqfKmw9

    Score
    10/10
    njratdefense_evasiondiscoverypersistenceprivilege_escalationtrojanupx

    • Njrat family

      njrat

    • njRAT/Bladabindi

      Widely used RAT written in .NET.

      trojannjrat

    • Modifies Windows Firewall

      defense_evasion

    • Drops startup file

    • Executes dropped EXE

    • Adds Run key to start application

      persistence

    • AutoIT Executable

      AutoIT scripts compiled to PE executables.

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx
    behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

1
T1547

Registry Run Keys / Startup Folder

1
T1547.001

Create or Modify System Process

1
T1543

Windows Service

1
T1543.003

Event Triggered Execution

1
T1546

Netsh Helper DLL

1
T1546.007

Privilege Escalation

Boot or Logon Autostart Execution

1
T1547

Registry Run Keys / Startup Folder

1
T1547.001

Create or Modify System Process

1
T1543

Windows Service

1
T1543.003

Event Triggered Execution

1
T1546

Netsh Helper DLL

1
T1546.007

Defense Evasion

Hide Artifacts

1
T1564

Hidden Files and Directories

1
T1564.001

Impair Defenses

1
T1562

Disable or Modify System Firewall

1
T1562.004

Modify Registry

1
T1112

Credential Access

Discovery

System Information Discovery

1
T1082

System Location Discovery

1
T1614

System Language Discovery

1
T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks