General

  • Target

    5b99e96e08af83ea3c1fe4778d5e2f8a.exe

  • Size

    43KB

  • Sample

    230824-pf13hsce26

  • MD5

    5b99e96e08af83ea3c1fe4778d5e2f8a

  • SHA1

    1bc510bae144be38293e2b3901bee566dde8c124

  • SHA256

    dafc057aeed8cfc248678ef196f75f2325aa653ae94ebbff3ddb98b1aeb90848

  • SHA512

    3e779a4af6ca50339b1de4d6cd12876647d42b9ee4a04ca094f23d77fcac01bb93feb51605097e2a1a3197c7c257149c48c477aa3c5a2b8d497609e2d0f297c9

  • SSDEEP

    384:PZybRy1STss7yKSVBuYYkEhxpS2/zsIij+ZsNO3PlpJKkkjh/TzF7pWnwDgreT0k:xMwk4smKSnuhlxkmuXQ/olT+L

Score
10/10

Malware Config

Extracted

Family

njrat

Version

Njrat 0.7 Golden By Hassan Amiri

Botnet

???

C2

0.tcp.eu.ngrok.io:19067

Mutex

Windows Update

Attributes
  • reg_key

    Windows Update

  • splitter

    |Hassan|

Targets

    • Target

      5b99e96e08af83ea3c1fe4778d5e2f8a.exe

    Score
    10/10
    • njRAT/Bladabindi

      Widely used RAT written in .NET.

    • Legitimate hosting services abused for malware hosting/C2
