General

  • Target

    51c464a3550ce54e3c154bfb64b4695a1acd36710623de61eb7b5334b3b982c2

  • Size

    184KB

  • Sample

    221125-llakzagd43

  • MD5

    bb62a78d6aa0091a88657f2ad2044672

  • SHA1

    69b83ad3fdb2228a63a073aad827bc117db2c271

  • SHA256

    51c464a3550ce54e3c154bfb64b4695a1acd36710623de61eb7b5334b3b982c2

  • SHA512

    f7d4d0cccfe086708386fed884bac4307287e1623465c2c3ed1e0322a876ec8748990ef47fd222ed4cf47220a36fe36aa7a76882df58b5008ebc47e5905eccef

  • SSDEEP

    3072:KkYdlq+vt1XvI//44444Yi444OoS444O4W444444Z44444d444444B444OF48w4y:KP4+vt1c9Kr+OhNu3kWu

Malware Config

Extracted

Family

njrat

Version

Njrat 0.7 Golden By Hassan Amiri

Botnet

????????

C2

cheatleha228.ddns.net:5552

Mutex

Windows Update

Attributes
  • reg_key

    Windows Update

  • splitter

    |Hassan|

Targets

    • njRAT/Bladabindi

      Widely used RAT written in .NET.

    • Executes dropped EXE

    • Checks computer location settings

      Looks up the country code configured in the registry, likely used as a geofence.

    • Drops startup file

    • Loads dropped DLL

    • Adds Run key to start application

MITRE ATT&CK Matrix (ATT&CK v6)

  • Persistence

    Registry Run Keys / Startup Folder (T1060): 1

  • Defense Evasion

    Modify Registry (T1112): 1

  • Discovery

    Query Registry (T1012): 1

    System Information Discovery (T1082): 2

Tasks