Overview

overview

10

Static

static

SecuriteIn...67.exe

windows7_x64

10

SecuriteIn...67.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    SecuriteInfo.com.Trojan.Emotet.987.23049.3767

  • Size

    36KB

  • Sample

    200801-ntld9bpf3e

  • MD5

    f1f8814239371bbaa60f2d2bced185e4

  • SHA1

    117dea564d6f7ed5c6741b8fd5a87bcac5765722

  • SHA256

    b20ffc1d22dbcae7052b7414d7ed19303ec13f419d41dd976806de7f86bc9b31

  • SHA512

    4b3a0f5029544a3b94d735a2c609fce17fad47e9d9bfb210b68eb0da1e572e6831492317415b2bcf23c542fa024e50a1fe44d5586d8c9a855003090e1d87a87c

Score
10/10
njratevasionpersistencetrojan

Malware Config

Targets

    • Target

      SecuriteInfo.com.Trojan.Emotet.987.23049.3767

    • Size

      36KB

    • MD5

      f1f8814239371bbaa60f2d2bced185e4

    • SHA1

      117dea564d6f7ed5c6741b8fd5a87bcac5765722

    • SHA256

      b20ffc1d22dbcae7052b7414d7ed19303ec13f419d41dd976806de7f86bc9b31

    • SHA512

      4b3a0f5029544a3b94d735a2c609fce17fad47e9d9bfb210b68eb0da1e572e6831492317415b2bcf23c542fa024e50a1fe44d5586d8c9a855003090e1d87a87c

    Score
    10/10
    evasionpersistencetrojannjrat

    • njRAT/Bladabindi

      Widely used RAT written in .NET.

      trojannjrat

    • Executes dropped EXE

    • Modifies Windows Firewall

      evasion

    • Loads dropped DLL

    • Legitimate hosting services abused for malware hosting/C2

    • Modifies service

      persistence
    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Modify Existing Service

2
T1031

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Web Service

1
T1102

Impact

Tasks