njrat | 9967e850c168d73df6fe76cfe6a8a60923d5917aba4cc42022868dac449f96e5 | Triage

Sharing

General

Target

9967e850c168d73df6fe76cfe6a8a60923d5917aba4cc42022868dac449f96e5
Size

141KB
Sample

220725-fq2mcsgabr
MD5

b4f5dd71769196c918920915d0bed08e
SHA1

ead1536e111ef7b9b2d56beb79978044973de0cd
SHA256

9967e850c168d73df6fe76cfe6a8a60923d5917aba4cc42022868dac449f96e5
SHA512

bd183785fc9314e646d2acf3ffa458c9710125f7ac65f62714f15f439e7c8c8c0ca2f976e2e3018c275b752b5b87ef1e9e1db21cd7aa3e900295f9ede336df10

Score

10^/10

njrat hacked trojan

Malware Config

Extracted

Family

njrat

Version

Njrat 0.7 Golden By Hassan Amiri

Botnet

HacKed

C2

95.27.105.214:5554

Mutex

Windows Update

Attributes

reg_key
Windows Update
splitter
|Hassan|

Targets

- Target
  
  9967e850c168d73df6fe76cfe6a8a60923d5917aba4cc42022868dac449f96e5
- Size
  
  141KB
- MD5
  
  b4f5dd71769196c918920915d0bed08e
- SHA1
  
  ead1536e111ef7b9b2d56beb79978044973de0cd
- SHA256
  
  9967e850c168d73df6fe76cfe6a8a60923d5917aba4cc42022868dac449f96e5
- SHA512
  
  bd183785fc9314e646d2acf3ffa458c9710125f7ac65f62714f15f439e7c8c8c0ca2f976e2e3018c275b752b5b87ef1e9e1db21cd7aa3e900295f9ede336df10
Score

10^/10

njrat hacked trojan
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

behavioral2

njrathackedtrojan