General

  • Target

    13bdbe209bf4debb64ae864fadf4ef36f0ed07c4b8f27348ad1292ee637a5549

  • Size

    43KB

  • Sample

    220520-fapb4aadb8

  • MD5

    2b9d2be8b035d3d7ebb14b28181e449f

  • SHA1

    2bfa15d28c1a4ab5c3218abb1d5886d10ec1eb6b

  • SHA256

    13bdbe209bf4debb64ae864fadf4ef36f0ed07c4b8f27348ad1292ee637a5549

  • SHA512

    4663d11d4a1111f636f7bc2f40f238c003ee777839177877cb15b7566e37a5ff4d897e1cc4019855d4962831e27b731646c5430f31adb433a63bb7ea41c4a027

Malware Config

Extracted

  • Family

    njrat

  • Version

    Njrat 0.7 Golden By Hassan Amiri

  • Botnet

    HacKed

  • C2

    123456789vvbb.ddns.net:5552

  • Mutex

    Windows Update

  • Attributes

    • reg_key

      Windows Update

    • splitter

      |Hassan|

Targets

    • njRAT/Bladabindi

      Widely used RAT written in .NET.

    • Executes dropped EXE

    • Drops startup file

    • Adds Run key to start application

MITRE ATT&CK Matrix (ATT&CK v6)

  • Execution

    Scheduled Task (T1053): 1

  • Persistence

    Registry Run Keys / Startup Folder (T1060): 1

    Scheduled Task (T1053): 1

  • Privilege Escalation

    Scheduled Task (T1053): 1

  • Defense Evasion

    Modify Registry (T1112): 1
