Overview

overview

10

Static

static

10

babv.exe

windows7-x64

10

babv.exe

windows10-2004-x64

babv.exe

android-9-x86

babv.exe

android-10-x64

babv.exe

android-11-x64

babv.exe

ubuntu-18.04-amd64

babv.exe

debian-9-armhf

babv.exe

debian-9-mips

babv.exe

debian-9-mipsel

Resubmissions

28/03/2025, 18:22

250328-w1brpa1pv2 10

28/03/2025, 17:54

250328-whdtbsy1d1 10

Analysis

  • max time kernel
    2s
  • max time network
    4s
  • platform
    windows7_x64
  • resource
    win7-20241010-en
  • resource tags

    arch:x64arch:x86image:win7-20241010-enlocale:en-usos:windows7-x64system
  • submitted
    28/03/2025, 18:22

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    babv.exe

  • Size

    29KB

  • MD5

    85e61aaafe402f7a04e793a53288a072

  • SHA1

    e8d088224025f54c58fa11e8b9835fa7dfd3b9ff

  • SHA256

    a7ae40544682a27bb1837c0c5d99f417bb4b8e8036e851529fe49a3d507a570b

  • SHA512

    cbfd7413fa3373e4c947c35b9605c1dade7159de0990f0961eef2bc4e2dc5e06b2e8cef974f9ada76951732a74d715c84d22e58c7dd1a841eab0e3096cc36511

  • SSDEEP

    384:tBs/hl7b1/JEI+GPWrb5hFEaemqD6CLeQTGBsbh0w4wlAokw9OhgOL1vYRGOZz/L:t47bXEI+GevhEsqdLe3BKh0p29SgR5d

Score
10/10
njrathackeddefense_evasiondiscoverytrojan

Malware Config

Extracted

Family

njrat

Version

0.6.4

Botnet

HacKed

C2

195.88.218.126:1177

Mutex

5cd8f17f4086744065eb0992a09e05a2

Attributes
  • reg_key

    5cd8f17f4086744065eb0992a09e05a2

  • splitter

    |'|'|

Signatures

Processes

  • C:\Users\Admin\AppData\Local\Temp\babv.exe
    "C:\Users\Admin\AppData\Local\Temp\babv.exe"
    1⤵
    • System Location Discovery: System Language Discovery
    PID:2604
    • C:\Users\Admin\AppData\Local\Temp\Trojan.exe
      "C:\Users\Admin\AppData\Local\Temp\Trojan.exe"
      2⤵
        PID:644
        • C:\Windows\SysWOW64\netsh.exe
          netsh firewall add allowedprogram "C:\Users\Admin\AppData\Local\Temp\Trojan.exe" "Trojan.exe" ENABLE
          3⤵
          • Modifies Windows Firewall
          PID:2432

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • \Users\Admin\AppData\Local\Temp\Trojan.exe
      Filesize

      29KB

      MD5

      85e61aaafe402f7a04e793a53288a072

      SHA1

      e8d088224025f54c58fa11e8b9835fa7dfd3b9ff

      SHA256

      a7ae40544682a27bb1837c0c5d99f417bb4b8e8036e851529fe49a3d507a570b

      SHA512

      cbfd7413fa3373e4c947c35b9605c1dade7159de0990f0961eef2bc4e2dc5e06b2e8cef974f9ada76951732a74d715c84d22e58c7dd1a841eab0e3096cc36511

      Download Submit

    • memory/644-11-0x00000000745B0000-0x0000000074B5B000-memory.dmp

      Filesize

      5.7MB

      Download

    • memory/644-12-0x00000000745B0000-0x0000000074B5B000-memory.dmp

      Filesize

      5.7MB

      Download

    • memory/644-13-0x00000000745B0000-0x0000000074B5B000-memory.dmp

      Filesize

      5.7MB

      Download

    • memory/2604-0-0x00000000745B1000-0x00000000745B2000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2604-1-0x00000000745B0000-0x0000000074B5B000-memory.dmp

      Filesize

      5.7MB

      Download

    • memory/2604-2-0x00000000745B0000-0x0000000074B5B000-memory.dmp

      Filesize

      5.7MB

      Download

    • memory/2604-10-0x00000000745B0000-0x0000000074B5B000-memory.dmp

      Filesize

      5.7MB

      Download