njrat | c28550985ad9088407d8149d7d37155c97f10a461581c8a570bb082436596aff | Triage

Sharing

General

Target

0x000b0000000122e7-60.dat
Size

43KB
Sample

230612-dqyjlabc6y
MD5

7bc43f36b07c8b1de174daf7f4ead29b
SHA1

700a9e8e4a8a0cd8f7b3b1c58ebf5e47dfa7ec31
SHA256

c28550985ad9088407d8149d7d37155c97f10a461581c8a570bb082436596aff
SHA512

54169b096eb83782316ea605c391ee70c00099292fdecffff72656989f9eb0ed2d5448f4eb0374d3426c5c7e1d964d2634cd46beedd70aebf7417c28bcdefe8a
SSDEEP

384:mZyCdFI1STss7yKSXfuGSOEdrpS2dzsIij+ZsNO3PlpJKkkjh/TzF7pWn6/greTf:8Fduk4smKSvupPrkYuXQ/oD3+L

Score

10^/10

njrat hacked trojan

Malware Config

Extracted

Family

njrat

Version

Njrat 0.7 Golden By Hassan Amiri

Botnet

HacKed

C2

2.tcp.eu.ngrok.io:19328

Mutex

Windows Update

Attributes

reg_key
Windows Update
splitter
|Hassan|

Targets

- Target
  
  0x000b0000000122e7-60.dat
- Size
  
  43KB
- MD5
  
  7bc43f36b07c8b1de174daf7f4ead29b
- SHA1
  
  700a9e8e4a8a0cd8f7b3b1c58ebf5e47dfa7ec31
- SHA256
  
  c28550985ad9088407d8149d7d37155c97f10a461581c8a570bb082436596aff
- SHA512
  
  54169b096eb83782316ea605c391ee70c00099292fdecffff72656989f9eb0ed2d5448f4eb0374d3426c5c7e1d964d2634cd46beedd70aebf7417c28bcdefe8a
- SSDEEP
  
  384:mZyCdFI1STss7yKSXfuGSOEdrpS2dzsIij+ZsNO3PlpJKkkjh/TzF7pWn6/greTf:8Fduk4smKSvupPrkYuXQ/oD3+L
Score

10^/10

njrat hacked trojan
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Legitimate hosting services abused for malware hosting/C2
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Web Service

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

njrathackedtrojan

behavioral2

njrathackedtrojan