General

  • Target

    5604f7e7a7ec0b2a91c80bac6e4ce7e3.exe

  • Size

    25KB

  • Sample

    220910-bqnnaahdc9

  • MD5

    5604f7e7a7ec0b2a91c80bac6e4ce7e3

  • SHA1

    de20822d458b1fdd421260e5e42ce4888b6315c1

  • SHA256

    59e02dea77ea89b913bb8552b5c34009f7b84a04a4c61524c42ee3edccf06e3c

  • SHA512

    830b1764256bdfd255c7fcfa90bd278a7790e295416ed972bcb71014ed688b8cc5466e5dc223c32984d40a5dee755b2f305d0c726ce80514e8e73e919e441e8e

  • SSDEEP

    384:sv3ZIgUhKIQ27JJGYtSfcGUxIpRGOmBeqEiVcp0F9h2HbmdPvo8I6CQAbqLKkVLl:svpkhJ7tCgcRG1kpwgwvj1CNqXV6U6m

Malware Config

Extracted

  • Family

    njrat

  • Version

    Njrat 0.7 Golden By Hassan Amiri

  • Botnet

    HacKed

  • C2

    7.tcp.eu.ngrok.io:13225

  • Mutex

    WindowsEnginee

Attributes
  • reg_key

    WindowsEnginee

  • splitter

    |Hassan|

Targets

    • njRAT/Bladabindi

      Widely used RAT written in .NET.

    • Executes dropped EXE

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Drops startup file

    • Adds Run key to start application

MITRE ATT&CK Matrix ATT&CK v6

  • Execution: Scheduled Task, T1053 (1)

  • Persistence: Registry Run Keys / Startup Folder, T1060 (1)

  • Persistence: Scheduled Task, T1053 (1)

  • Privilege Escalation: Scheduled Task, T1053 (1)

  • Defense Evasion: Modify Registry, T1112 (1)

  • Discovery: Query Registry, T1012 (1)

  • Discovery: System Information Discovery, T1082 (2)

Tasks