General

  • Target

    a601df2c73f63a84778303a96d681665.exe

  • Size

    43KB

  • Sample

    211108-p6zblshcap

  • MD5

    a601df2c73f63a84778303a96d681665

  • SHA1

    e24836a3c8a577bf981df3adc0b66fdea713562f

  • SHA256

    64f9f7907d9d7c486cbad8d452c75cfed218ec8b8a1dccf97764a284085919a0

  • SHA512

    9c08357ecff7846b4fb526df932fe4e65b9af2f567baf0c64480ca9c94ba3812a3a4d19d76a4721b8c9ca0f3cd07e71d6aca3f414096077a08f79ada161f6f7b

Malware Config

Extracted

  • Family

    njrat

  • Version

    Njrat 0.7 Golden By Hassan Amiri

  • Botnet

    HacKed

  • C2

    6.tcp.ngrok.io:10332

  • Mutex

    Windows Update

Attributes
  • reg_key

    Windows Update

  • splitter

    |Hassan|

Targets

    • Target

      a601df2c73f63a84778303a96d681665.exe

    • njRAT/Bladabindi

      Widely used RAT written in .NET.

    • suricata: ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)

    • Executes dropped EXE

    • Drops startup file

    • Loads dropped DLL

    • Adds Run key to start application

MITRE ATT&CK Matrix (ATT&CK v6)

  • Execution

    Scheduled Task (T1053): 1

  • Persistence

    Registry Run Keys / Startup Folder (T1060): 1

    Scheduled Task (T1053): 1

  • Privilege Escalation

    Scheduled Task (T1053): 1

  • Defense Evasion

    Modify Registry (T1112): 1

  • Discovery

    System Information Discovery (T1082): 1

Tasks