Overview

overview

10

Static

static

10

Server.exe

windows10-ltsc_2021-x64

Sharing

Copy URL
Twitter E-mail

General

  • Target

    Server.exe

  • Size

    37KB

  • Sample

    250401-g43x1sxkz8

  • MD5

    69a63826396394dda992a5031f523b11

  • SHA1

    6ca89b77eaa65d9c970d0071dc2677f852517fc5

  • SHA256

    be045197a762a6d773cd7ddbe97b3a2e5ddac683c271c080fe75cdf03d87b98a

  • SHA512

    aaba1ee3c874a2bd0ca8da8dd5ffa44f57209ac6ed97b44f7ca689b2dbcc45af62256a12edb360e18ea0165c386dff1f7dabf7ffd43b6d3fd6ed2d4eb67c4f1c

  • SSDEEP

    384:EWqBkiyjnDNGRn5IyUvapIrPbh+/VsIt6xrAF+rMRTyN/0L+EcoinblneHQM3epd:x35M5jUvairANsIQxrM+rMRa8NuiGt

Score
10/10
njrathackeddefense_evasiondiscoverypersistenceprivilege_escalationtrojan

Malware Config

Extracted

Family

njrat

Version

im523

Botnet

HacKed

C2

26.ip.gl.ply.gg:55609

Mutex

e70d52b52cebf51e595b7b1265a8cbe7

Attributes
  • reg_key

    e70d52b52cebf51e595b7b1265a8cbe7

  • splitter

    |'|'|

Targets

    • Target

      Server.exe

    • Size

      37KB

    • MD5

      69a63826396394dda992a5031f523b11

    • SHA1

      6ca89b77eaa65d9c970d0071dc2677f852517fc5

    • SHA256

      be045197a762a6d773cd7ddbe97b3a2e5ddac683c271c080fe75cdf03d87b98a

    • SHA512

      aaba1ee3c874a2bd0ca8da8dd5ffa44f57209ac6ed97b44f7ca689b2dbcc45af62256a12edb360e18ea0165c386dff1f7dabf7ffd43b6d3fd6ed2d4eb67c4f1c

    • SSDEEP

      384:EWqBkiyjnDNGRn5IyUvapIrPbh+/VsIt6xrAF+rMRTyN/0L+EcoinblneHQM3epd:x35M5jUvairANsIQxrM+rMRa8NuiGt

    Score
    10/10
    njrathackeddefense_evasiondiscoverypersistenceprivilege_escalationtrojan

    • Njrat family

      njrat

    • njRAT/Bladabindi

      Widely used RAT written in .NET.

      trojannjrat

    • Modifies Windows Firewall

      defense_evasion

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Drops startup file

    • Executes dropped EXE

    • Adds Run key to start application

      persistence
    behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

1
T1547

Registry Run Keys / Startup Folder

1
T1547.001

Create or Modify System Process

1
T1543

Windows Service

1
T1543.003

Event Triggered Execution

1
T1546

Netsh Helper DLL

1
T1546.007

Privilege Escalation

Boot or Logon Autostart Execution

1
T1547

Registry Run Keys / Startup Folder

1
T1547.001

Create or Modify System Process

1
T1543

Windows Service

1
T1543.003

Event Triggered Execution

1
T1546

Netsh Helper DLL

1
T1546.007

Defense Evasion

Impair Defenses

1
T1562

Disable or Modify System Firewall

1
T1562.004

Modify Registry

1
T1112

Credential Access

Discovery

Peripheral Device Discovery

1
T1120

Query Registry

2
T1012

System Information Discovery

3
T1082

System Location Discovery

1
T1614

System Language Discovery

1
T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks