njrat | 0ead535096595299c8f0d61f477c1496b73fdd27fecd2b64c4d4601a235b2d9c | Triage

Sharing

General

Target

0ead535096595299c8f0d61f477c1496b73fdd27fecd2b64c4d4601a235b2d9c
Size

43KB
Sample

220524-tjg62acfcq
MD5

e1cf67b4d9d8f97c560ead779c2db107
SHA1

5babfb850f0e496a23c688a512fb314e3d149bdc
SHA256

0ead535096595299c8f0d61f477c1496b73fdd27fecd2b64c4d4601a235b2d9c
SHA512

49296af4b4f9710a6a37f21cef30fe186d748e34d15e258b25920d8991ff92824499209969da5925c6a3caea555298a201ab597360ff659daede5b3ba17fe026

Score

10^/10

njrat topher suricata

Malware Config

Extracted

Family

njrat

Version

Njrat 0.7 Golden By Hassan Amiri

Botnet

topher

C2

0.tcp.ngrok.io:15575

Mutex

Windows Update

Attributes

reg_key
Windows Update
splitter
|Hassan|

Targets

- Target
  
  0ead535096595299c8f0d61f477c1496b73fdd27fecd2b64c4d4601a235b2d9c
- Size
  
  43KB
- MD5
  
  e1cf67b4d9d8f97c560ead779c2db107
- SHA1
  
  5babfb850f0e496a23c688a512fb314e3d149bdc
- SHA256
  
  0ead535096595299c8f0d61f477c1496b73fdd27fecd2b64c4d4601a235b2d9c
- SHA512
  
  49296af4b4f9710a6a37f21cef30fe186d748e34d15e258b25920d8991ff92824499209969da5925c6a3caea555298a201ab597360ff659daede5b3ba17fe026
Score

10^/10

suricata
- suricata: ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)
  suricata: ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)
  suricata
- Drops startup file
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2