njrat | bd25d061e47807928047ff754e3f35793863949c20b9b13a92a3a08cbc78dee0 | Triage

Sharing

General

Target

5f802ab572b198f0c0a318bff7cd2f50.exe
Size

43KB
Sample

230315-2py1qsaa2w
MD5

5f802ab572b198f0c0a318bff7cd2f50
SHA1

9ae70ca25a45f16e5fc59c00bc18dfe4d7a1273b
SHA256

bd25d061e47807928047ff754e3f35793863949c20b9b13a92a3a08cbc78dee0
SHA512

46b75393c0688d874d89140aae52f3cd8ca773e8c3627e3257cc52603299edac562d06772639b00430b95c2ae712690cc8a3d54e79290b3d69e435ed3f16ea8b
SSDEEP

384:W8ZyIQt3VarE8yTH/rq5WKOEnsDay0+TzEIij+ZsNO3PlpJKkkjh/TzF7pWnm/gm:W6n63MY5Tfrq5hGDFuXQ/of3+L

Score

10^/10

njrat hacked trojan

Malware Config

Extracted

Family

njrat

Version

Njrat 0.7 Golden By Hassan Amiri

Botnet

HacKed

C2

4.tcp.eu.ngrok.io:15489

Mutex

Windows Update

Attributes

reg_key
Windows Update
splitter
|Hassan|

Targets

- Target
  
  5f802ab572b198f0c0a318bff7cd2f50.exe
- Size
  
  43KB
- MD5
  
  5f802ab572b198f0c0a318bff7cd2f50
- SHA1
  
  9ae70ca25a45f16e5fc59c00bc18dfe4d7a1273b
- SHA256
  
  bd25d061e47807928047ff754e3f35793863949c20b9b13a92a3a08cbc78dee0
- SHA512
  
  46b75393c0688d874d89140aae52f3cd8ca773e8c3627e3257cc52603299edac562d06772639b00430b95c2ae712690cc8a3d54e79290b3d69e435ed3f16ea8b
- SSDEEP
  
  384:W8ZyIQt3VarE8yTH/rq5WKOEnsDay0+TzEIij+ZsNO3PlpJKkkjh/TzF7pWnm/gm:W6n63MY5Tfrq5hGDFuXQ/of3+L
Score

10^/10

njrat hacked trojan
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Legitimate hosting services abused for malware hosting/C2
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Web Service

Impact

Tasks

static1

behavioral1

njrathackedtrojan

behavioral2

njrathackedtrojan