General

  • Target

    131cc4da76d323e1792e458585a9161f.exe

  • Size

    70KB

  • Sample

    230715-wlv7sabe75

  • MD5

    131cc4da76d323e1792e458585a9161f

  • SHA1

    2391bf26f9f880672a3469d8137fdd9c0daacd30

  • SHA256

    35822e68e8334cb47ca9cf01a80ec85047fbf6218298a4c4ee08b41b02bb9658

  • SHA512

    5c5b62217c04770f18e108b5623e0302329dceb28a695fe8bad316b9d8787aaa0dcf5f056bcc223d600aa45348c8e857e4bc48b56b878d3117e30afc64d0f1a4

  • SSDEEP

    768:zdlo/TaYmBcU7BKvk7m+8RoqdTQ+UzpvCHtnDvk7m+8RoqdTQ+UzpvCHtn2:zdoTsBrd7mvR7dTupvcS7mvR7dTupvcg

Malware Config

Extracted

Family

njrat

Version

Njrat 0.7 Golden By Hassan Amiri

Botnet

HacKed

C2

tyfdfdfs.ddns.net:5552

Mutex

Windows Update

Attributes
  • reg_key

    Windows Update

  • splitter

    |Hassan|

Targets

    • Target

      131cc4da76d323e1792e458585a9161f.exe

    • njRAT/Bladabindi

      Widely used RAT written in .NET.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Drops startup file

    • Executes dropped EXE

    • Adds Run key to start application
