Overview

overview

10

Static

static

SecuriteIn...36.exe

windows7_x64

10

SecuriteIn...36.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    SecuriteInfo.com.Variant.Ursu.93722.24785.25936

  • Size

    52KB

  • Sample

    200801-hwt1vhejs6

  • MD5

    69ad69047088324a6a754b904abb0c55

  • SHA1

    e91627fd943b1de0c7cd92a9e3b9217765f20baf

  • SHA256

    69cef8fa1209f02ef528ee93959c7c5e20a10e603b8a4251ba673d4cfd9e4b5e

  • SHA512

    c6b81bd1645976744e7251c673bafce4f0154bca915334c3e2c62673194505e55ffc3477f32926c60251e49f04a2b569c078d5111a445db289de4a73585236ef

Score
10/10
njratevasionpersistencetrojan

Malware Config

Targets

    • Target

      SecuriteInfo.com.Variant.Ursu.93722.24785.25936

    • Size

      52KB

    • MD5

      69ad69047088324a6a754b904abb0c55

    • SHA1

      e91627fd943b1de0c7cd92a9e3b9217765f20baf

    • SHA256

      69cef8fa1209f02ef528ee93959c7c5e20a10e603b8a4251ba673d4cfd9e4b5e

    • SHA512

      c6b81bd1645976744e7251c673bafce4f0154bca915334c3e2c62673194505e55ffc3477f32926c60251e49f04a2b569c078d5111a445db289de4a73585236ef

    Score
    10/10
    trojannjratevasionpersistence

    • njRAT/Bladabindi

      Widely used RAT written in .NET.

      trojannjrat

    • Executes dropped EXE

    • Modifies Windows Firewall

      evasion

    • Loads dropped DLL

    • Modifies service

      persistence
    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Modify Existing Service

2
T1031

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks