General

  • Target

    a89d22ac25d150e595819c16cd309568

  • Size

    25KB

  • Sample

    240227-jl2ncacb9y

  • MD5

    a89d22ac25d150e595819c16cd309568

  • SHA1

    8af731d9e100cff209e56dfdcb72be9b6e5b6732

  • SHA256

    f916e54c85cf4c634db8a36fcca8d7e260d60b7a1325ab714402c510927564b4

  • SHA512

    8c7457daf18740e65bec52afbda223db96df663e4d34e705924c99021edeba63cdfa63d71f7e382d56e908c4c62e59d909c8bf7908e8cdc8da1e2274f43f82a2

  • SSDEEP

    768:svp+5UK1UuSwTBZg9yiEs8rsBy0UDp+2+v:QcUWUuJmyiYYBy30

Malware Config

Extracted

Family

njrat

Version

Njrat 0.7 Golden By Hassan Amiri

Botnet

HacKed

C2

127.0.0.1:5552

Mutex

Windows Update

Attributes
  • reg_key

    Windows Update

  • splitter

    |Hassan|

Targets

    • njRAT/Bladabindi

      Widely used RAT written in .NET.

    • Drops startup file

    • Executes dropped EXE

    • Adds Run key to start application
