1a3b100043d6e616674e8ccf0bd086eacccb6985aa8182029a2717aa57be5f79

General
Target

1a3b100043d6e616674e8ccf0bd086eacccb6985aa8182029a2717aa57be5f79

Size

460KB

Sample

210923-h1jkmsacer

Score
10 /10
MD5

3b6f38ea6928bca0be7ce6cf39ec8959

SHA1

5ea0766825327580776bc88add0e9267d97965e5

SHA256

1a3b100043d6e616674e8ccf0bd086eacccb6985aa8182029a2717aa57be5f79

SHA512

d8355e551f8cfab86523036a69407a86723add802a361eeaf54c65301ed5c4b88713aada239e6e41ac9b326e74f8652488498126d6883b58c5425f0f50543ec0

Malware Config

Extracted

Family njrat
Version Njrat 0.7 Golden By Hassan Amiri
Botnet v1
C2

xyz.videomarket.eu:1970

Attributes
reg_key
Windows Update
splitter
|Hassan|
Targets
Target

1a3b100043d6e616674e8ccf0bd086eacccb6985aa8182029a2717aa57be5f79

MD5

3b6f38ea6928bca0be7ce6cf39ec8959

Filesize

460KB

Score
10 /10
SHA1

5ea0766825327580776bc88add0e9267d97965e5

SHA256

1a3b100043d6e616674e8ccf0bd086eacccb6985aa8182029a2717aa57be5f79

SHA512

d8355e551f8cfab86523036a69407a86723add802a361eeaf54c65301ed5c4b88713aada239e6e41ac9b326e74f8652488498126d6883b58c5425f0f50543ec0

Tags

Signatures

  • njRAT/Bladabindi

    Description

    Widely used RAT written in .NET.

    Tags

  • Adds Run key to start application

    Tags

    TTPs

    Registry Run Keys / Startup Folder Modify Registry
  • Suspicious use of SetThreadContext

Related Tasks

MITRE ATT&CK Matrix
Collection
    Command and Control
      Credential Access
        Defense Evasion
        Execution
          Exfiltration
            Impact
              Initial Access
                Lateral Movement
                  Privilege Escalation
                    Tasks

                    static1

                    behavioral1

                    10/10

                    behavioral2

                    6/10