Description
Widely used RAT written in .NET.
General
Target
Size
Sample
211be1147cc8c04fa90c052f43d408463d193821e7fad1f225efc0fb6fad73d7
612KB
220330-ekltaabhdr
Score
10/10
MD5
SHA1
SHA256
SHA512
f414c142f690168170dc839b538fae62
f1695b6b8b52c13148d2bca87269b9d11479f2c5
211be1147cc8c04fa90c052f43d408463d193821e7fad1f225efc0fb6fad73d7
e7eb28451c72366c9d05421902ecccbc296c7173f2481b5c2a654fe967ffb6661ff23246cbe67698f788e9646a3880b3d29c1c7ed39ee7dc456c202f2e454e7c
Malware Config
Extracted
| Family | njrat |
| Version | Njrat 0.7 Golden By Hassan Amiri |
| Botnet | 1 |
| C2 |
127.0.0.1:6666 |
| Attributes |
reg_key Windows Update
splitter |Hassan| |
Targets
Target
MD5
Filesize
211be1147cc8c04fa90c052f43d408463d193821e7fad1f225efc0fb6fad73d7
f414c142f690168170dc839b538fae62
612KB
Score
10/10
SHA1
SHA256
SHA512
f1695b6b8b52c13148d2bca87269b9d11479f2c5
211be1147cc8c04fa90c052f43d408463d193821e7fad1f225efc0fb6fad73d7
e7eb28451c72366c9d05421902ecccbc296c7173f2481b5c2a654fe967ffb6661ff23246cbe67698f788e9646a3880b3d29c1c7ed39ee7dc456c202f2e454e7c
Tags
Signatures
-
njRAT/Bladabindi
-
Executes dropped EXE
-
Checks computer location settings
Description
Looks up country code configured in the registry, likely geofence.
TTPs
-
Loads dropped DLL
Related Tasks
MITRE ATT&CK Matrix
Collection
Command and Control
Credential Access
Defense Evasion
Execution
Exfiltration
Impact
Initial Access
Lateral Movement
Persistence
Privilege Escalation
Tasks
static1
Score
N/A
behavioral1
Score
10/10
behavioral2
Score
10/10