Overview

overview

10

Static

static

10

72CA3E2F84...27.exe

windows7_x64

10

72CA3E2F84...27.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    72CA3E2F8479A075C8E089F543F79C4F1CF868D66D327.exe

  • Size

    37KB

  • Sample

    220114-q7lmksgee5

  • MD5

    70aca878bfaac1eaf7019eddd97fc877

  • SHA1

    4997c055b582c71cbb3863c9523986b51a339797

  • SHA256

    72ca3e2f8479a075c8e089f543f79c4f1cf868d66d3272b2e6b0f0fded1bdb60

  • SHA512

    17bedcd516ba8f18b5e4d8a2a8c9d1b6e95be2158d654b3b15fe2d379cdce682c609801e1b5c01487fa732ef1591d7cde1460448ffd4ffe8a50f6c3c82cb36c2

Score
10/10
njrathackedevasionpersistencetrojan

Malware Config

Extracted

Family

njrat

Version

im523

Botnet

HacKed

C2

0.tcp.ngrok.io:13467

Mutex

9156ea52d892a71a5c604fdd4141de82

Attributes
  • reg_key

    9156ea52d892a71a5c604fdd4141de82

  • splitter

    |'|'|

Targets

    • Target

      72CA3E2F8479A075C8E089F543F79C4F1CF868D66D327.exe

    • Size

      37KB

    • MD5

      70aca878bfaac1eaf7019eddd97fc877

    • SHA1

      4997c055b582c71cbb3863c9523986b51a339797

    • SHA256

      72ca3e2f8479a075c8e089f543f79c4f1cf868d66d3272b2e6b0f0fded1bdb60

    • SHA512

      17bedcd516ba8f18b5e4d8a2a8c9d1b6e95be2158d654b3b15fe2d379cdce682c609801e1b5c01487fa732ef1591d7cde1460448ffd4ffe8a50f6c3c82cb36c2

    Score
    10/10
    njrathackedevasionpersistencetrojan

    • njRAT/Bladabindi

      Widely used RAT written in .NET.

      trojannjrat

    • Executes dropped EXE

    • Modifies Windows Firewall

      evasion

    • Drops startup file

    • Loads dropped DLL

    • Adds Run key to start application

      persistence

    • Drops autorun.inf file

      Malware can abuse Windows Autorun to spread further via attached volumes.

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Replication Through Removable Media

1
T1091

Execution

Persistence

Modify Existing Service

1
T1031

Registry Run Keys / Startup Folder

1
T1060

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

System Information Discovery

1
T1082

Lateral Movement

Replication Through Removable Media

1
T1091

Collection

Exfiltration

Command and Control

Impact

Tasks