General

  • Target

    fbccea33ee59410909d9ee341ad61f9127679b049d46d1301041410ef56cba12

  • Size

    26KB

  • Sample

    240701-fjt9pszfmj

  • MD5

    c5345d4fc7f76d831ad72593042320e7

  • SHA1

    5fd9bc9840cdfcafa164b1bd784aea63b3c34a68

  • SHA256

    fbccea33ee59410909d9ee341ad61f9127679b049d46d1301041410ef56cba12

  • SHA512

    ded97b3bac82fd3f3db6c08b72fb3bc4097c5ea3bef3dc0d145b8b852d84cda8d5331e4d7e75f260a347dd2c75f7470afb4aa0d4af51f54d86ed624af6359be4

  • SSDEEP

    384:YLwlYHHeIYTzRRcbg8iEPrthZMVAQk93vmhm7UMKmIEecKdbXTzm9bVhcaQ6br6s:mAZxRm8VA/vMHTi9bD

Malware Config

Extracted

Family

njrat

Version

v2.0

Botnet

OPS studio

C2

127.0.0.1:1177

Mutex

Windows

Attributes
  • reg_key

    Windows

  • splitter

    |-F-|
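The splitter and C2 above are what a network analyst needs to pull the beacon apart. The following decoder is an added example written for this page, not code from the sandbox or from the njRAT project. It assumes the commonly documented njRAT wire format (an ASCII decimal length, a NUL byte, then the payload, with fields separated by the configured splitter and the first field acting as the command; "ll" as the victim registration message and "P" as the keep-alive), which this report does not itself state; the traffic it decodes is constructed, not a capture.

```python
import base64

# Values taken from the extracted config on this page.
SPLITTER = "|-F-|"
C2_HOST, C2_PORT = "127.0.0.1", 1177


def frame(payload: bytes) -> bytes:
    """Wrap a payload in the assumed njRAT framing: ASCII length, NUL, payload."""
    return str(len(payload)).encode("ascii") + b"\x00" + payload


def iter_frames(stream: bytes):
    """Split a concatenated byte stream into payloads; raise on a truncated frame."""
    pos = 0
    while pos < len(stream):
        nul = stream.find(b"\x00", pos)
        if nul == -1 or not stream[pos:nul].isdigit():
            raise ValueError(f"bad frame header at offset {pos}")
        length = int(stream[pos:nul])
        start, end = nul + 1, nul + 1 + length
        if end > len(stream):
            raise ValueError(f"truncated frame at offset {pos}")
        yield stream[start:end]
        pos = end


def parse_message(payload: bytes, splitter: str = SPLITTER) -> dict:
    """Split a payload on the config splitter; the first field is the command."""
    fields = payload.decode("utf-8", errors="replace").split(splitter)
    return {"cmd": fields[0], "args": fields[1:]}


def is_registration(msg: dict) -> bool:
    """'ll' with at least an ID, hostname and user is the assumed registration shape."""
    return msg["cmd"] == "ll" and len(msg["args"]) >= 3


# Constructed sample traffic, not a real capture: a registration using the botnet
# name from the config, followed by a keep-alive, as they would appear on the TCP
# stream to 127.0.0.1:1177.
VICTIM_ID = base64.b64encode(b"OPS studio_1A2B3C4D").decode("ascii")
SAMPLE_STREAM = (
    frame(SPLITTER.join(["ll", VICTIM_ID, "DESKTOP-SAMPLE", "user", "24-07-01"]).encode())
    + frame(b"P")
)


def decode_stream(stream: bytes = SAMPLE_STREAM) -> list:
    """Decode every frame in the stream into {cmd, args} dicts."""
    return [parse_message(p) for p in iter_frames(stream)]


if __name__ == "__main__":
    for msg in decode_stream():
        print(f"{C2_HOST}:{C2_PORT} <- {msg['cmd']} {msg['args']}")
```

Feeding a reassembled TCP stream from a pcap into `decode_stream` gives the command and argument list per message; the splitter is the only per-sample value you need to change when triaging a different build.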

Targets

    • Target

      fbccea33ee59410909d9ee341ad61f9127679b049d46d1301041410ef56cba12

    • Size

      26KB

    • MD5

      c5345d4fc7f76d831ad72593042320e7

    • SHA1

      5fd9bc9840cdfcafa164b1bd784aea63b3c34a68

    • SHA256

      fbccea33ee59410909d9ee341ad61f9127679b049d46d1301041410ef56cba12

    • SHA512

      ded97b3bac82fd3f3db6c08b72fb3bc4097c5ea3bef3dc0d145b8b852d84cda8d5331e4d7e75f260a347dd2c75f7470afb4aa0d4af51f54d86ed624af6359be4

    • SSDEEP

      384:YLwlYHHeIYTzRRcbg8iEPrthZMVAQk93vmhm7UMKmIEecKdbXTzm9bVhcaQ6br6s:mAZxRm8VA/vMHTi9bD

    • njRAT/Bladabindi

      Widely used RAT written in .NET.

    • Detects executables using attrib with suspicious attributes

    • Detects file containing reversed ASEP Autorun registry keys

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Drops startup file

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application
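Two of the signatures above (the reversed ASEP key and the Run-key persistence) can be confirmed statically before the sample is ever run. The scanner below is an added example for this page, not the sandbox's own signature logic. It assumes that, as a .NET binary, the sample stores its string literals as UTF-16LE, so it checks both ASCII and UTF-16LE forms of each autorun key in forward and reversed order, and also looks for the config strings extracted above; the byte blob it scans is constructed for the example, not the real file.

```python
# Autorun (ASEP) keys njRAT-style persistence writes under HKCU/HKLM.
ASEP_KEYS = (
    r"Software\Microsoft\Windows\CurrentVersion\Run",
    r"Software\Microsoft\Windows\CurrentVersion\RunOnce",
)
# Strings from this report's extracted config; none should appear in a benign binary.
CONFIG_MARKERS = ("|-F-|", "127.0.0.1", "1177", "OPS studio")


def encoded(text: str) -> dict:
    """ASCII and UTF-16LE forms of a string (.NET user strings are UTF-16LE)."""
    return {"ascii": text.encode("ascii"), "utf-16le": text.encode("utf-16-le")}


def scan_for_asep(data: bytes) -> list:
    """Return (key, direction, encoding) for each ASEP key found, forward or reversed.

    Matching is case-insensitive; bytes.lower() only touches ASCII bytes, which is
    exactly the low byte of each UTF-16LE code unit for these keys.
    """
    hits = []
    lowered = data.lower()
    for key in ASEP_KEYS:
        for direction, text in (("forward", key), ("reversed", key[::-1])):
            for enc, needle in encoded(text.lower()).items():
                if needle in lowered:
                    hits.append((key, direction, enc))
    return hits


def scan_for_config(data: bytes) -> list:
    """Return (marker, encoding) for each config string present (exact case)."""
    found = []
    for marker in CONFIG_MARKERS:
        for enc, needle in encoded(marker).items():
            if needle in data:
                found.append((marker, enc))
    return found


# Constructed stand-in for a .NET user-string heap: a reversed Run key plus the
# splitter and port from the config, all UTF-16LE, surrounded by filler. Not the sample.
SAMPLE_BLOB = (
    b"\x00" * 8
    + "Hello".encode("utf-16-le")
    + ASEP_KEYS[0][::-1].encode("utf-16-le")
    + b"\x00\x00"
    + "|-F-|".encode("utf-16-le")
    + "1177".encode("utf-16-le")
    + b"\x00\x00"
)


def triage(data: bytes = SAMPLE_BLOB) -> dict:
    """Summarise the static indicators a reviewer would check against this report."""
    asep = scan_for_asep(data)
    return {
        "asep": asep,
        "reversed_asep": any(direction == "reversed" for _, direction, _ in asep),
        "config": scan_for_config(data),
    }


if __name__ == "__main__":
    import sys
    blob = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else SAMPLE_BLOB
    print(triage(blob))
```

Run it as `python scan.py sample.exe` against the dropped file; a reversed-only hit with no forward copy of the key is the pattern that the "reversed ASEP Autorun registry keys" signature describes, and a forward hit is what a plain Run-key persistence implementation leaves behind.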

MITRE ATT&CK Matrix (ATT&CK v13)

Persistence

  • Boot or Logon Autostart Execution (T1547): 1
  • Registry Run Keys / Startup Folder (T1547.001): 1

Privilege Escalation

  • Boot or Logon Autostart Execution (T1547): 1
  • Registry Run Keys / Startup Folder (T1547.001): 1

Defense Evasion

  • Modify Registry (T1112): 1
  • Hide Artifacts (T1564): 1
  • Hidden Files and Directories (T1564.001): 1

Discovery

  • Query Registry (T1012): 1
  • System Information Discovery (T1082): 2
