General

  • Target

    968C669247FA766C85B612DB143F89228E4EE94329CF6.exe

  • Size

    43KB

  • Sample

    220910-nxaffsdgdk

  • MD5

    dee17a4707e3c4a27b66cba03ae27f09

  • SHA1

    e6e592ddb3ea17084191d69ea14576a3f6a8a7e8

  • SHA256

    968c669247fa766c85b612db143f89228e4ee94329cf6fe62a6b78bac1b4b5c8

  • SHA512

    ec41e9c5d07ec702f87b7c06eceab46caba7b667b4b43ae2a9ad41f9d8f79630c7e87ad8e06b8f0925261532cdbb1f5f21a3c3bcc5a3cc744892916108a0cbf9

  • SSDEEP

    384:/8ZyVhkyCEFmVoybRxMbAW4EpEzMghwzEIij+ZsNO3PlpJKkkjh/TzF7pWno/grq:/6AhkyVAVlbT6vCQgQuXQ/o1/+L

Malware Config

Extracted

Family

njrat

Version

Njrat 0.7 Golden By Hassan Amiri

Botnet

HacKed

C2

0.tcp.eu.ngrok.io:14880

Mutex

Windows Update

Attributes
  • reg_key

    Windows Update

  • splitter

    |Hassan|

Targets

    • njRAT/Bladabindi

      Widely used RAT written in .NET.

    • Executes dropped EXE

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Drops startup file

    • Loads dropped DLL

    • Adds Run key to start application
