njrat | e50bc61300de2d3af137bcd1a5728219fac7e7635bb0ab6050ed4fa380038367 | Triage

Sharing

General

Target

1e28904cacc4be6d50c03fb71171d9a7.exe
Size

43KB
Sample

231206-xk25dabh78
MD5

1e28904cacc4be6d50c03fb71171d9a7
SHA1

1915e4f915e7e06df9efe1619921ae7960f1cbb2
SHA256

e50bc61300de2d3af137bcd1a5728219fac7e7635bb0ab6050ed4fa380038367
SHA512

5d3ac9e12ad81ea89d62717ebc65d9a1f9dab173b956741070cca4c551c675e6c91918928835817b8b082632e5f4d7d98e64949d54b8404188983efc044f3df0
SSDEEP

384:CZy7polQ5GoyyNrl3cXmICEDXH/zIIij+ZsNO3PlpJKkkjh/TzF7pWnZ/greT0pO:wBmolyNrB4LRxuXQ/o0/+L

Score

10^/10

njrat hacked trojan

Malware Config

Extracted

Family

njrat

Version

Njrat 0.7 Golden By Hassan Amiri

Botnet

HacKed

C2

0.tcp.eu.ngrok.io:15505

Mutex

Windows Update

Attributes

reg_key
Windows Update
splitter
|Hassan|

Targets

- Target
  
  1e28904cacc4be6d50c03fb71171d9a7.exe
- Size
  
  43KB
- MD5
  
  1e28904cacc4be6d50c03fb71171d9a7
- SHA1
  
  1915e4f915e7e06df9efe1619921ae7960f1cbb2
- SHA256
  
  e50bc61300de2d3af137bcd1a5728219fac7e7635bb0ab6050ed4fa380038367
- SHA512
  
  5d3ac9e12ad81ea89d62717ebc65d9a1f9dab173b956741070cca4c551c675e6c91918928835817b8b082632e5f4d7d98e64949d54b8404188983efc044f3df0
- SSDEEP
  
  384:CZy7polQ5GoyyNrl3cXmICEDXH/zIIij+ZsNO3PlpJKkkjh/TzF7pWnZ/greT0pO:wBmolyNrB4LRxuXQ/o0/+L
Score

10^/10

njrat hacked trojan
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Legitimate hosting services abused for malware hosting/C2
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Web Service

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

njrathackedtrojan

behavioral2

njrathackedtrojan