General

  • Target

    8312919bf75cb86a87b66dc28fcc8f99.bin

  • Size

    328KB

  • Sample

    240203-bzy6dadhd7

  • MD5

    8312919bf75cb86a87b66dc28fcc8f99

  • SHA1

    60941b4bef8527922ed282953d1224701b6ec7c2

  • SHA256

    c2e815a0f25073bb59ad24acd358e72b557a01443fe8a6d79e2acf599bcb592a

  • SHA512

    7e3999007e96ff9b92ca56bb82485d90b048270af3221896bc707bb5b86d85c5fb05f3ba95fec13d2e5c4389de143e9e880a934ba6298321a1e0369783ce6741

  • SSDEEP

    6144:VdRVzSkGTxSLD8uq5CaOPs47bhqUdIT+trBfkSGL:VhqxSLo5C1Ps4XhWT+trB8S

Score
10/10

Malware Config

Extracted

Family

njrat

Version

Njrat 0.7 Golden By Hassan Amiri

Botnet

first

C2

127.0.0.1:80

Mutex

Windows Update

Attributes
  • reg_key

    Windows Update

  • splitter

    |Hassan|

Targets

    • Target

      8312919bf75cb86a87b66dc28fcc8f99.bin

    Score
    10/10
    • njRAT/Bladabindi

      Widely used RAT written in .NET.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Drops startup file

    • Executes dropped EXE

    • Loads dropped DLL
