Overview

overview

10

Static

static

10

bacc4221cd...7c.exe

windows7-x64

10

bacc4221cd...7c.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    bacc4221cd4d6009fbabd8a7194bb07c.exe

  • Size

    43KB

  • Sample

    230519-f2j7fsea9z

  • MD5

    bacc4221cd4d6009fbabd8a7194bb07c

  • SHA1

    feb85c565496e6e33ac90352816d35241aa689ca

  • SHA256

    1e39fa1f931865fbce1da5c91b4223683333335426733ad41c1bf050a82b44fe

  • SHA512

    943c191fa03ec068d7d5534b51462946141706ae1f23ea9d7a5f0971f00c208c6a481822fb76d7b4af7cea2ef06964aa4c62bbf5d90e74a6ca14ff9fef361a50

  • SSDEEP

    384:lZyuAFkV6Lk8y85LPjn1m0O6EES+0JKVHbzzIij+ZsNO3PlpJKkkjh/TzF7pWnC2:vHAFksY5ebjn1m0Z2JK2uXQ/ojt2+L

Score
10/10
njrathackertrojan

Malware Config

Extracted

Family

njrat

Version

Njrat 0.7 Golden By Hassan Amiri

Botnet

Hacker

C2

5.tcp.eu.ngrok.io:15728

Mutex

Windows Update

Attributes
  • reg_key

    Windows Update

  • splitter

    |Hassan|

Targets

    • Target

      bacc4221cd4d6009fbabd8a7194bb07c.exe

    • Size

      43KB

    • MD5

      bacc4221cd4d6009fbabd8a7194bb07c

    • SHA1

      feb85c565496e6e33ac90352816d35241aa689ca

    • SHA256

      1e39fa1f931865fbce1da5c91b4223683333335426733ad41c1bf050a82b44fe

    • SHA512

      943c191fa03ec068d7d5534b51462946141706ae1f23ea9d7a5f0971f00c208c6a481822fb76d7b4af7cea2ef06964aa4c62bbf5d90e74a6ca14ff9fef361a50

    • SSDEEP

      384:lZyuAFkV6Lk8y85LPjn1m0O6EES+0JKVHbzzIij+ZsNO3PlpJKkkjh/TzF7pWnC2:vHAFksY5ebjn1m0Z2JK2uXQ/ojt2+L

    Score
    10/10
    njrathackertrojan

    • njRAT/Bladabindi

      Widely used RAT written in .NET.

      trojannjrat

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Drops startup file

    • Executes dropped EXE

    • Legitimate hosting services abused for malware hosting/C2

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

1
T1053

Persistence

Scheduled Task

1
T1053

Privilege Escalation

Scheduled Task

1
T1053

Defense Evasion

Credential Access

Discovery

Query Registry

1
T1012

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Web Service

1
T1102

Impact

Tasks