General

  • Target

    hui.exe

  • Size

    43KB

  • Sample

    240730-t6flqayejk

  • MD5

    2ea738cacbe5e0ad0244c689b1b9b802

  • SHA1

    e1b34d9a4f00e711e8be0e2d7bf8406b3fbb6c3b

  • SHA256

    89956975cad55d98738a5317225f51fc1d932aa96c93e1c7985a1599b003f3d2

  • SHA512

    676444791bd9de0d3b818d40a92fe4a035e12de373af9db08c92d42c938f579cdbf70b8f6ae115d2c37d5575c39c58400119ce32658f296778cdc6eb3038416a

  • SSDEEP

    384:iZyaoPn1ST63JyWCx8ua9hEcbcPxy7yzsIij+ZsNO3PlpJKkkjh/TzF7pWn17ogm:Qwvkm3AWMzitwFuXQ/oQs+L

Malware Config

Extracted

  • Family

    njrat

  • Version

    Njrat 0.7 Golden By Hassan Amiri

  • Botnet

    discord

  • C2

    26.149.74.100:25565

  • Mutex

    Intel Graphics Software

  • Attributes

      • reg_key

        Intel Graphics Software

      • splitter

        |Hassan|

Targets

    • njRAT/Bladabindi

      Widely used RAT written in .NET.

    • Drops startup file

    • Executes dropped EXE

    • Adds Run key to start application
