njrat | 557f48ca00803c41434f3e01286839df2c69253244b5e67bd16b02c260a4a28d | Triage

Sharing

Copy URL Twitter E-mail

General

Target

557f48ca00803c41434f3e01286839df2c69253244b5e67bd16b02c260a4a28dexe_JC.exe
Size

43KB
Sample

230803-w3crrsgg3s
MD5

aa91557978aa60bc7bf9d84471e119d4
SHA1

b7dd12b6219cc1157c91c1afc913b138cc170b66
SHA256

557f48ca00803c41434f3e01286839df2c69253244b5e67bd16b02c260a4a28d
SHA512

8a8971c7f0211de2b41eaacf4f2d397a7ab617f7e5f76acd5b49b160952d92e92cf3537d604b939b1cc4b4dcb07e2c102b00f98d76083f435e022d87064dca55
SSDEEP

384:yZyzSg98NaIyrLPb3cWESES6ik7azsIij+ZsNO3PlpJKkkjh/TzF7pWnk/greT0k:A4ywFrzb3cP7QuXQ/oh/+L

Score

10^/10

njrat hacked trojan

Malware Config

Extracted

Family

njrat

Version

Njrat 0.7 Golden By Hassan Amiri

Botnet

HacKed

C2

4.tcp.eu.ngrok.io:11176

Mutex

Windows Update

Attributes

reg_key
Windows Update
splitter
|Hassan|

Targets

- Target
  
  557f48ca00803c41434f3e01286839df2c69253244b5e67bd16b02c260a4a28dexe_JC.exe
- Size
  
  43KB
- MD5
  
  aa91557978aa60bc7bf9d84471e119d4
- SHA1
  
  b7dd12b6219cc1157c91c1afc913b138cc170b66
- SHA256
  
  557f48ca00803c41434f3e01286839df2c69253244b5e67bd16b02c260a4a28d
- SHA512
  
  8a8971c7f0211de2b41eaacf4f2d397a7ab617f7e5f76acd5b49b160952d92e92cf3537d604b939b1cc4b4dcb07e2c102b00f98d76083f435e022d87064dca55
- SSDEEP
  
  384:yZyzSg98NaIyrLPb3cWESES6ik7azsIij+ZsNO3PlpJKkkjh/TzF7pWnk/greT0k:A4ywFrzb3cP7QuXQ/oh/+L
Score

10^/10

njrat hacked trojan
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- Executes dropped EXE
- Legitimate hosting services abused for malware hosting/C2
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Persistence

Scheduled Task/Job

Privilege Escalation

Scheduled Task/Job

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

njrathackedtrojan

behavioral2

njrathackedtrojan