njrat | ef628a6511f0a9fe1effcb71b5ca1fd4be85c85da8fb18d5f30de3c27e8e1bb6 | Triage

Sharing

General

Target

5b86cbad21d81626db92220fbed7a465
Size

25KB
Sample

240114-wysx7acdel
MD5

5b86cbad21d81626db92220fbed7a465
SHA1

124dcfaa2fa3d1bb17af97249ddd49b566fdbfc3
SHA256

ef628a6511f0a9fe1effcb71b5ca1fd4be85c85da8fb18d5f30de3c27e8e1bb6
SHA512

6297cb2d0592fc25102f98a7703c130eb6fee67c9286a585f115f8252cc02533a32b4ad288ee50331e9e46792c648e1e515c2011170002fb67b8fd61d5984343
SSDEEP

384:sv3ZI++mmHgOC69Qlr4XU1lL2IVJinVcVcp0jW9h2HbmdPvo8I6CQYtIdgDxpf:svpwhHB2r/1c4IFpdgwvj1CzI+Fpf

Score

10^/10

njrat flans mod trojan

Malware Config

Extracted

Family

njrat

Version

Njrat 0.7 Golden By Hassan Amiri

Botnet

flans mod

C2

127.0.0.1:25565

Mutex

Windows Update

Attributes

reg_key
Windows Update
splitter
|Hassan|

Targets

- Target
  
  5b86cbad21d81626db92220fbed7a465
- Size
  
  25KB
- MD5
  
  5b86cbad21d81626db92220fbed7a465
- SHA1
  
  124dcfaa2fa3d1bb17af97249ddd49b566fdbfc3
- SHA256
  
  ef628a6511f0a9fe1effcb71b5ca1fd4be85c85da8fb18d5f30de3c27e8e1bb6
- SHA512
  
  6297cb2d0592fc25102f98a7703c130eb6fee67c9286a585f115f8252cc02533a32b4ad288ee50331e9e46792c648e1e515c2011170002fb67b8fd61d5984343
- SSDEEP
  
  384:sv3ZI++mmHgOC69Qlr4XU1lL2IVJinVcVcp0jW9h2HbmdPvo8I6CQYtIdgDxpf:svpwhHB2r/1c4IFpdgwvj1CzI+Fpf
Score

10^/10

njrat flans mod trojan
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Persistence

Scheduled Task/Job

Privilege Escalation

Scheduled Task/Job

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

njratflans modtrojan

behavioral2

njratflans modtrojan