njrat | 6f8c9709a0b1e030a5e5a0c1db02347f21f1f7c5e8e4e6d44001fd4f0e555e21 | Triage

Sharing

General

Target

6f8c9709a0b1e030a5e5a0c1db02347f21f1f7c5e8e4e6d44001fd4f0e555e21
Size

25KB
Sample

220520-e2417ahhe3
MD5

5484a6514223d5198cdb314d878c313e
SHA1

a4e744d86cc1d60457c9e364eac5d5a1fdd94cd0
SHA256

6f8c9709a0b1e030a5e5a0c1db02347f21f1f7c5e8e4e6d44001fd4f0e555e21
SHA512

e2611f4eba2bc9c2ad83337564a520609cf3fdbb0e4a71e62d069ca7d8658b63b40843005f04cc86909bd23442c5896267720276126b3aa5cc359faf5254f511

Score

10^/10

njrat hacked trojan

Malware Config

Extracted

Family

njrat

Version

Njrat 0.7 Golden By Hassan Amiri

Botnet

HacKed

C2

127.0.0.1:27015

Mutex

Windows Update

Attributes

reg_key
Windows Update
splitter
|Hassan|

Targets

- Target
  
  6f8c9709a0b1e030a5e5a0c1db02347f21f1f7c5e8e4e6d44001fd4f0e555e21
- Size
  
  25KB
- MD5
  
  5484a6514223d5198cdb314d878c313e
- SHA1
  
  a4e744d86cc1d60457c9e364eac5d5a1fdd94cd0
- SHA256
  
  6f8c9709a0b1e030a5e5a0c1db02347f21f1f7c5e8e4e6d44001fd4f0e555e21
- SHA512
  
  e2611f4eba2bc9c2ad83337564a520609cf3fdbb0e4a71e62d069ca7d8658b63b40843005f04cc86909bd23442c5896267720276126b3aa5cc359faf5254f511
Score

10^/10

njrat hacked trojan
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

njrathackedtrojan

behavioral2