General

  • Target

    25b32a1fec9f1427b5085dcb052de990021b5d2ee82cc4ae6908f606b4fbae3b

  • Size

    878KB

  • Sample

    240229-lwxs9adb9v

  • MD5

    7a8d5ce9ed21d3a3e84182c51a8b2722

  • SHA1

    1efcdb60208c2ed9f5964ca7384ef766fecd300e

  • SHA256

    25b32a1fec9f1427b5085dcb052de990021b5d2ee82cc4ae6908f606b4fbae3b

  • SHA512

    a766d20f6707793f83c62862723257f1a61ef947a3740bb80bafad70f5ca13477b5ac99f76cc0c68fdf8e65ded179ce064508439c43336e767b5db1b948714c4

  • SSDEEP

    12288:ftb20Qc3lT7af41ePBRYuQLKpqeUhbTv5OFgNDPPpHrYZBtZIj16A:ftb20pkaCqT5TBWgNjVYZBUj16A

Score
10/10

Malware Config

Extracted

Family

njrat

Version

Njrat 0.7 Golden By Hassan Amiri

Botnet

HacKed

C2

127.0.0.1:4444

Mutex

Windows Update

Attributes
  • reg_key

    Windows Update

  • splitter

    |Hassan|

Targets

    Score
    10/10
    • njRAT/Bladabindi

      Widely used RAT written in .NET.

    • AutoIT Executable

      AutoIT scripts compiled to PE executables.

    • Suspicious use of SetThreadContext
