General

  • Target

    128a3a8ca2f63f12a3f5c52c11635989bc2b3dd14e705b8868817c9bf7623426

  • Size

    43KB

  • Sample

    220520-z4qa2adea4

  • MD5

    7557d4d25110dd9da2ec0decf9371c87

  • SHA1

    4c836fc63e4ecb4edef195b11fe467a94a7ce7ee

  • SHA256

    128a3a8ca2f63f12a3f5c52c11635989bc2b3dd14e705b8868817c9bf7623426

  • SHA512

    24de0797d58f68347cee803b7d49df892c1f1ec679df173539d95a5e20978b32b9a657e1c51248dce0ebaab1960708186347f14e4470684e623242301804fe0b

Score
10/10

Malware Config

Extracted

Family

njrat

Version

Njrat 0.7 Golden By Hassan Amiri

Botnet

HacKed

C2

nanat.ddns.net:1604

Mutex

Windows Update

Attributes
  • reg_key

    Windows Update

  • splitter

    |Hassan|

Targets

    • njRAT/Bladabindi

      Widely used RAT written in .NET.

    • Executes dropped EXE

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Loads dropped DLL

MITRE ATT&CK Matrix ATT&CK v6

Discovery

Query Registry

1
T1012

System Information Discovery

2
T1082
