General

  • Target

    cee7fe6594f75c3c29a6ddf4cfe2ba8b20747c5faed3a9171fc3897e383cd3e0

  • Size

    29KB

  • Sample

    250123-jgjxqs1kak

  • MD5

    a1a937e60363cc1a074d3a28a790d901

  • SHA1

    76dfbb0fd9362af83a1079515388079d4b2fa0fd

  • SHA256

    cee7fe6594f75c3c29a6ddf4cfe2ba8b20747c5faed3a9171fc3897e383cd3e0

  • SHA512

    0d4d8621d78a2c25d79aae93be5719ece952921f658974558ded2b2c8d4d24a05aeab012a5ddd8a7b2d487cb90f9d28801936ed4757fff0a656dbd82efe8939f

  • SSDEEP

    384:BaFCtl7Dh+oqIqEXV5HEQTGumqDgN3eH6GBsbh0w4wlAokw9OhgOL1vYRGOZzKZB:P74oqIjlLTAqM3eFBKh0p29SgRcB

Malware Config

Extracted

Family

njrat

Version

0.6.4

Botnet

Hacker

C2

ywsfalsysy.duckdns.org:1177

Mutex

8b8934ec24fc05c5f20511aa61ac2fa9

Attributes
  • reg_key

    8b8934ec24fc05c5f20511aa61ac2fa9

  • splitter

    |'|'|

Targets

    • Target

      cee7fe6594f75c3c29a6ddf4cfe2ba8b20747c5faed3a9171fc3897e383cd3e0

    • Njrat family

    • njRAT/Bladabindi

      Widely used RAT written in .NET.

    • Modifies Windows Firewall

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

MITRE ATT&CK Enterprise v15

Tasks
