General

  • Target

    kg8iu932kg.exe

  • Size

    43KB

  • Sample

    240426-yvzbxabb74

  • MD5

    5f2a465afde528dc03afd60bda63d224

  • SHA1

    33425917a22faee1163ed2e3c097199bf6dddb3e

  • SHA256

    59a251519723a22dd3958559cecc08bc21a521bd691b57710139093c23f76b8c

  • SHA512

    e694cc614e26c0da4b714ee7161c6eb38e090f4494b30be30b6a4723a987efc8ffde191251bae51b6f5b2c839633694828b14728c49cb45e2f71dac51aac478b

  • SSDEEP

    384:CZy2pO9ct6IyWVhIKI+qEpal/CzYhzbIij+ZsNO3PlpJKkkjh/TzF7pWnhNtSgrq:wB8SwFWfL/nu/CHuXQ/osNtm+L

Score
10/10

Malware Config

Extracted

  • Family

    njrat

  • Version

    Njrat 0.7 Golden By Hassan Amiri

  • Botnet

    HacKed

  • C2

    biba.ddns.net:7357

  • Mutex

    Windows Update

Attributes
  • reg_key

    Windows Update

  • splitter

    |Hassan|

Targets

    • Target

      kg8iu932kg.exe

    Score
    10/10
    • njRAT/Bladabindi

      Widely used RAT written in .NET.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Drops startup file

    • Executes dropped EXE

    • Loads dropped DLL

MITRE ATT&CK Matrix (ATT&CK v13)

Execution

  • Scheduled Task/Job (T1053): 1

Persistence

  • Scheduled Task/Job (T1053): 1

Privilege Escalation

  • Scheduled Task/Job (T1053): 1

Discovery

  • Query Registry (T1012): 2

  • System Information Discovery (T1082): 3

Tasks