Overview

overview

10

Static

static

93667713af...4f.exe

windows7_x64

10

93667713af...4f.exe

windows10-2004_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    93667713af8e23ecde25e78d05f762ecd77d8a7b8667ec78a3cafbf43d724c4f

  • Size

    666KB

  • Sample

    220323-lfhz6abfe8

  • MD5

    92493532531788040b78f62f00c1d5d6

  • SHA1

    e9a348440a7c42b4b9416830dba158f2c51fa68f

  • SHA256

    93667713af8e23ecde25e78d05f762ecd77d8a7b8667ec78a3cafbf43d724c4f

  • SHA512

    b0b6e704ff091318de64a05ce66a029831cb091d95257b184486b5369d22369cc1121a6eff304abce254ad760ba29dbc7cfcb2cd12261a50050e7728415ff818

Score
10/10
44calibernjrathackedspywarestealertrojan

Malware Config

Extracted

Family

44caliber

C2

https://discord.com/api/webhooks/947445080342556692/k5eX_haEP42zYxqA0vzh33TmF53CrHI3NFO_LEsqnIXkOW8GqH66QMKAvOSZ3Fkkfhjh

Extracted

Family

njrat

Version

Njrat 0.7 Golden By Hassan Amiri

Botnet

HacKed

C2

127.0.0.1:25565

Mutex

Windows Update

Attributes
  • reg_key

    Windows Update

  • splitter

    |Hassan|

Targets

    • Target

      93667713af8e23ecde25e78d05f762ecd77d8a7b8667ec78a3cafbf43d724c4f

    • Size

      666KB

    • MD5

      92493532531788040b78f62f00c1d5d6

    • SHA1

      e9a348440a7c42b4b9416830dba158f2c51fa68f

    • SHA256

      93667713af8e23ecde25e78d05f762ecd77d8a7b8667ec78a3cafbf43d724c4f

    • SHA512

      b0b6e704ff091318de64a05ce66a029831cb091d95257b184486b5369d22369cc1121a6eff304abce254ad760ba29dbc7cfcb2cd12261a50050e7728415ff818

    Score
    10/10
    44calibernjrathackedspywarestealertrojan

    • 44Caliber

      An open source infostealer written in C#.

      stealer44caliber

    • njRAT/Bladabindi

      Widely used RAT written in .NET.

      trojannjrat

    • Executes dropped EXE

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Drops startup file

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Accesses cryptocurrency files/wallets, possible credential harvesting

      spyware

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

2
T1081

Discovery

Query Registry

2
T1012

System Information Discovery

3
T1082

Lateral Movement

Collection

Data from Local System

2
T1005

Exfiltration

Command and Control

Impact

Tasks