General

  • Target

    3fff7ae85bdb3e3f58ba32a41e1b9e81c142c4a88288020b9356e9fb78d4cafc.exe

  • Size

    64KB

  • Sample

    250201-m7zyesyrcv

  • MD5

    4552c7d2fcbc04b14cd616b422486c8b

  • SHA1

    b615d31bf56fa0576f422149f3df47019b39a70d

  • SHA256

    3fff7ae85bdb3e3f58ba32a41e1b9e81c142c4a88288020b9356e9fb78d4cafc

  • SHA512

    ca51b7dacd425da7723122f277aceb7435ace874ebceef4159608ce934ad5d6a19b82b7b259486e6e1068a4a3c4f54d9140b533d3a3a5fa6295de36967e1efe2

  • SSDEEP

    1536:3EFRfIIajeMzBdiGN9BbwNLi2bhtbxnCAumXG:4RfIIYnbONVv5CAFXG

Malware Config

Extracted

  • Family

    njrat

  • Version

    0.6.4

  • Botnet

    HacKed

  • C2

    127.0.0.1:1177

  • Mutex

    41180d06ba79ca0eb6f0d961bf964eef

Attributes

  • reg_key

    41180d06ba79ca0eb6f0d961bf964eef

  • splitter

    |'|'|

Targets

    • Njrat family

    • njRAT/Bladabindi

      Widely used RAT written in .NET.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofencing check.

    • Executes dropped EXE

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks