Overview

overview

10

Static

static

8jQjN40g.exe

windows7_x64

10

8jQjN40g.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    8jQjN40g.exe

  • Size

    166KB

  • Sample

    201126-k6jnpghfna

  • MD5

    2907d85cec9feca60fb68d333df699bd

  • SHA1

    1321bb84701c7e8a4d0e9fbe0cdbc68431afa0ab

  • SHA256

    e3c16d541a7cc07e3cee9f49494a2478a861682e9f0e403ec92d6ebd0b0d4f89

  • SHA512

    e749f5454a56915b522af2d53e2ff468e90b00735cf52a93b06e9e83d29f298aa1b5ef70972890c997d595486c79df3fe3a828c5707830783a5a22de113a742c

Score
10/10
njrathackedevasionpersistencetrojan

Malware Config

Extracted

Family

njrat

Version

0.7d

Botnet

HacKed

C2

sohaib123.ddns.net:8819

Mutex

76d6fa0ad4f0209dc371d3c4b2c000c1

Attributes
  • reg_key

    76d6fa0ad4f0209dc371d3c4b2c000c1

  • splitter

    |'|'|

Targets

    • Target

      8jQjN40g.exe

    • Size

      166KB

    • MD5

      2907d85cec9feca60fb68d333df699bd

    • SHA1

      1321bb84701c7e8a4d0e9fbe0cdbc68431afa0ab

    • SHA256

      e3c16d541a7cc07e3cee9f49494a2478a861682e9f0e403ec92d6ebd0b0d4f89

    • SHA512

      e749f5454a56915b522af2d53e2ff468e90b00735cf52a93b06e9e83d29f298aa1b5ef70972890c997d595486c79df3fe3a828c5707830783a5a22de113a742c

    Score
    10/10
    njrathackedevasionpersistencetrojan

    • njRAT/Bladabindi

      Widely used RAT written in .NET.

      trojannjrat

    • Executes dropped EXE

    • Modifies Windows Firewall

      evasion

    • Drops startup file

    • Loads dropped DLL

    • Adds Run key to start application

      persistence
    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Modify Existing Service

1
T1031

Registry Run Keys / Startup Folder

1
T1060

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks