njrat | dafc057aeed8cfc248678ef196f75f2325aa653ae94ebbff3ddb98b1aeb90848 | Triage

Sharing

General

Target

5b99e96e08af83ea3c1fe4778d5e2f8a.exe
Size

43KB
Sample

230824-pf13hsce26
MD5

5b99e96e08af83ea3c1fe4778d5e2f8a
SHA1

1bc510bae144be38293e2b3901bee566dde8c124
SHA256

dafc057aeed8cfc248678ef196f75f2325aa653ae94ebbff3ddb98b1aeb90848
SHA512

3e779a4af6ca50339b1de4d6cd12876647d42b9ee4a04ca094f23d77fcac01bb93feb51605097e2a1a3197c7c257149c48c477aa3c5a2b8d497609e2d0f297c9
SSDEEP

384:PZybRy1STss7yKSVBuYYkEhxpS2/zsIij+ZsNO3PlpJKkkjh/TzF7pWnwDgreT0k:xMwk4smKSnuhlxkmuXQ/olT+L

Score

10^/10

njrat ???trojan

Malware Config

Extracted

Family

njrat

Version

Njrat 0.7 Golden By Hassan Amiri

Botnet

???

C2

0.tcp.eu.ngrok.io:19067

Mutex

Windows Update

Attributes

reg_key
Windows Update
splitter
|Hassan|

Targets

- Target
  
  5b99e96e08af83ea3c1fe4778d5e2f8a.exe
- Size
  
  43KB
- MD5
  
  5b99e96e08af83ea3c1fe4778d5e2f8a
- SHA1
  
  1bc510bae144be38293e2b3901bee566dde8c124
- SHA256
  
  dafc057aeed8cfc248678ef196f75f2325aa653ae94ebbff3ddb98b1aeb90848
- SHA512
  
  3e779a4af6ca50339b1de4d6cd12876647d42b9ee4a04ca094f23d77fcac01bb93feb51605097e2a1a3197c7c257149c48c477aa3c5a2b8d497609e2d0f297c9
- SSDEEP
  
  384:PZybRy1STss7yKSVBuYYkEhxpS2/zsIij+ZsNO3PlpJKkkjh/TzF7pWnwDgreT0k:xMwk4smKSnuhlxkmuXQ/olT+L
Score

10^/10

njrat ???trojan
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- Legitimate hosting services abused for malware hosting/C2
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Web Service

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

behavioral2