General
Target

211be1147cc8c04fa90c052f43d408463d193821e7fad1f225efc0fb6fad73d7

Size

612KB

Sample

220330-ekltaabhdr

Score

10/10

MD5

f414c142f690168170dc839b538fae62

SHA1

f1695b6b8b52c13148d2bca87269b9d11479f2c5

SHA256

211be1147cc8c04fa90c052f43d408463d193821e7fad1f225efc0fb6fad73d7

SHA512

e7eb28451c72366c9d05421902ecccbc296c7173f2481b5c2a654fe967ffb6661ff23246cbe67698f788e9646a3880b3d29c1c7ed39ee7dc456c202f2e454e7c

Malware Config

Extracted

Family

njrat

Version

Njrat 0.7 Golden By Hassan Amiri

Botnet

1

C2

127.0.0.1:6666

Attributes

reg_key

Windows Update

splitter

|Hassan|

Targets
Signatures

  • njRAT/Bladabindi

    Description

    Widely used RAT written in .NET.

  • Executes dropped EXE

  • Checks computer location settings

    Description

    Looks up country code configured in the registry, likely geofence.

    TTPs

    Query Registry, System Information Discovery

  • Loads dropped DLL

MITRE ATT&CK Matrix
Collection
Command and Control
Credential Access
Defense Evasion
Execution
Exfiltration
Impact
Initial Access
Lateral Movement
Persistence
Privilege Escalation

Tasks

static1

Score
N/A

behavioral1

Score
10/10

behavioral2

Score
10/10