njrat | 4494c83c9716a35a3681bf7eb858d75532872ba9dc4899544d8c288d2b87b09d | Triage

Sharing

General

Target

4494c83c9716a35a3681bf7eb858d75532872ba9dc4899544d8c288d2b87b09d
Size

43KB
Sample

220520-e679eachfq
MD5

574d035ff06b55e29bc08ae59b51bb68
SHA1

16d2c71a0d0fc3fc0d69f4804e5e8f8e781afe08
SHA256

4494c83c9716a35a3681bf7eb858d75532872ba9dc4899544d8c288d2b87b09d
SHA512

4aed1b99bc0da26f11de8cbc3735b80d8b9af2e39e8bc03177ab0990508e6957d73d47506fcd8a344fb25d4b125040451f4950109589ec09f07e26cbdf73dbaa

Score

10^/10

njrat hacked trojan

Malware Config

Extracted

Family

njrat

Version

Njrat 0.7 Golden By Hassan Amiri

Botnet

HacKed

C2

82.202.167.202:3838

Mutex

Windows Update

Attributes

reg_key
Windows Update
splitter
|Hassan|

Targets

- Target
  
  4494c83c9716a35a3681bf7eb858d75532872ba9dc4899544d8c288d2b87b09d
- Size
  
  43KB
- MD5
  
  574d035ff06b55e29bc08ae59b51bb68
- SHA1
  
  16d2c71a0d0fc3fc0d69f4804e5e8f8e781afe08
- SHA256
  
  4494c83c9716a35a3681bf7eb858d75532872ba9dc4899544d8c288d2b87b09d
- SHA512
  
  4aed1b99bc0da26f11de8cbc3735b80d8b9af2e39e8bc03177ab0990508e6957d73d47506fcd8a344fb25d4b125040451f4950109589ec09f07e26cbdf73dbaa
Score

10^/10

njrat hacked trojan
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

njrathackedtrojan

behavioral2

njrathackedtrojan