Overview

overview

10

Static

static

66df4d837d...fb.exe

windows7-x64

10

66df4d837d...fb.exe

windows10-2004-x64

8

Sharing

Copy URL
Twitter E-mail

General

  • Target

    66df4d837d9b6b60b845ef343b763bfb.exe

  • Size

    25KB

  • Sample

    220831-hfrqhsacgl

  • MD5

    66df4d837d9b6b60b845ef343b763bfb

  • SHA1

    f27a811445b649ff9a91da52152caf847ad38470

  • SHA256

    ae1d5fd5d55bedc76554a13d0eee68ae8bb3e9af0cbf4fd3d1ae25e21bc1c1d3

  • SHA512

    1f3258e69151f5fb0680ee02cc554d179092f00278dd54ab0dd75a987494ba75652d3c7f95925e5b25b95f0b4392663046d203b7fc58a2e54871a56899f2ff84

  • SSDEEP

    768:svpUfE0bKP7eYkkrbiPs9Mvnv474hIScRj19dU2QW:QG9GP7eA2P5h0F19dU2QW

Score
10/10
njrathackedpersistencetrojan

Malware Config

Extracted

Family

njrat

Version

Njrat 0.7 Golden By Hassan Amiri

Botnet

HacKed

C2

6.tcp.eu.ngrok.io:12072

Mutex

Windows Update

Attributes
  • reg_key

    Windows Update

  • splitter

    |Hassan|

Targets

    • Target

      66df4d837d9b6b60b845ef343b763bfb.exe

    • Size

      25KB

    • MD5

      66df4d837d9b6b60b845ef343b763bfb

    • SHA1

      f27a811445b649ff9a91da52152caf847ad38470

    • SHA256

      ae1d5fd5d55bedc76554a13d0eee68ae8bb3e9af0cbf4fd3d1ae25e21bc1c1d3

    • SHA512

      1f3258e69151f5fb0680ee02cc554d179092f00278dd54ab0dd75a987494ba75652d3c7f95925e5b25b95f0b4392663046d203b7fc58a2e54871a56899f2ff84

    • SSDEEP

      768:svpUfE0bKP7eYkkrbiPs9Mvnv474hIScRj19dU2QW:QG9GP7eA2P5h0F19dU2QW

    Score
    10/10
    njrathackedpersistencetrojan

    • njRAT/Bladabindi

      Widely used RAT written in .NET.

      trojannjrat

    • Executes dropped EXE

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Drops startup file

    • Adds Run key to start application

      persistence
    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

1
T1053

Persistence

Registry Run Keys / Startup Folder

1
T1060

Scheduled Task

1
T1053

Privilege Escalation

Scheduled Task

1
T1053

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Query Registry

1
T1012

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks