Resubmissions

06-06-2023 18:00

230606-wla7lsfd9w 10

06-06-2023 17:59

230606-wkvvmafd9s 10

General

  • Target

    detectable gui by JO1TAR0.exe

  • Size

    43KB

  • Sample

    230606-wla7lsfd9w

  • MD5

    57cdd22688c43ddc013f9fcd6f99229a

  • SHA1

    b401750b8761ff693509be4121f8a81a489c65d6

  • SHA256

    b759f0aafb6514247634e21bfe6e8784fe5933172e1528735c068edc1cf62fab

  • SHA512

    5282ae3b34af16ea7951edaa1635cc8eb38252551d0b10fe61a27327f41e434fa56d0726b5c6d0b133dca6aec4ec7f0ba92e299a5b756253f69b4eec930e5b98

  • SSDEEP

    384:F8ZyoQF3VarE8yTTTfqtiWqEnkDai0+TzEIij+ZsNO3PlpJKkkjh/TzF7pWna/gm:F6zi3MY5TffqtpSDluXQ/ob3+L

Malware Config

Extracted

Family

njrat

Version

Njrat 0.7 Golden By Hassan Amiri

Botnet

HacKed

C2

5.tcp.eu.ngrok.io:12308

Mutex

Windows Update

Attributes

  • reg_key

    Windows Update

  • splitter

    |Hassan|

Targets
    • njRAT/Bladabindi

      Widely used RAT written in .NET.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Drops startup file

    • Executes dropped EXE

    • Adds Run key to start application

    • Legitimate hosting services abused for malware hosting/C2

MITRE ATT&CK Matrix (ATT&CK v6)

  • Execution

    Scheduled Task (1) T1053

  • Persistence

    Registry Run Keys / Startup Folder (1) T1060

    Scheduled Task (1) T1053

  • Privilege Escalation

    Scheduled Task (1) T1053

  • Defense Evasion

    Modify Registry (1) T1112

  • Discovery

    Query Registry (3) T1012

    System Information Discovery (4) T1082

    Peripheral Device Discovery (1) T1120

  • Command and Control

    Web Service (1) T1102