Overview

overview

10

Static

static

3D882526B3...7E.exe

windows7_x64

10

3D882526B3...7E.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    3D882526B381E7B346837E515ED7817E.exe

  • Size

    29.3MB

  • Sample

    211229-xvx86sdgaq

  • MD5

    3d882526b381e7b346837e515ed7817e

  • SHA1

    13b0ad476f89697708910d80152b56224ee8cfe1

  • SHA256

    8fc6e869d0bb32f11f19ff4628bfd3e8c7c0616f01becb93f4c828955e28465b

  • SHA512

    f61ac064d31331e827afa4701bd05c892788e25f3670fa47239e04a36185051d0bf42707a1c4eec1d14b87e3c209eff475cbdc61b435af3b387dd1b9129d9b63

Score
10/10
njratpcsuricatatrojan

Malware Config

Extracted

Family

njrat

Version

Njrat 0.7 Golden By Hassan Amiri

Botnet

PC

C2

8.tcp.ngrok.io:12581

Mutex

steam_loder

Attributes
  • reg_key

    steam_loder

  • splitter

    |Hassan|

Targets

    • Target

      3D882526B381E7B346837E515ED7817E.exe

    • Size

      29.3MB

    • MD5

      3d882526b381e7b346837e515ed7817e

    • SHA1

      13b0ad476f89697708910d80152b56224ee8cfe1

    • SHA256

      8fc6e869d0bb32f11f19ff4628bfd3e8c7c0616f01becb93f4c828955e28465b

    • SHA512

      f61ac064d31331e827afa4701bd05c892788e25f3670fa47239e04a36185051d0bf42707a1c4eec1d14b87e3c209eff475cbdc61b435af3b387dd1b9129d9b63

    Score
    10/10
    njratpcsuricatatrojan

    • njRAT/Bladabindi

      Widely used RAT written in .NET.

      trojannjrat

    • suricata: ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)

      suricata: ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)

      suricata

    • Executes dropped EXE

    • Drops startup file

    • Loads dropped DLL

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

1
T1053

Persistence

Scheduled Task

1
T1053

Privilege Escalation

Scheduled Task

1
T1053

Defense Evasion

Credential Access

Discovery

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks