General

  • Target

    c082cc6a8f0cc384c38e414388bfccb0N.exe

  • Size

    43KB

  • Sample

    240905-cptzca1emj

  • MD5

    c082cc6a8f0cc384c38e414388bfccb0

  • SHA1

    6bab68c4e0f0a90b31104137bc2370a0fb735c6a

  • SHA256

    35324165b982f301bfde2948a61c4742dd3a8f1abba1902380180bdb98dd7abc

  • SHA512

    607e51abe259cad1867594ca73fe659094ada57bb5310c6e284b895b10e75b301334f15738fd3f672db65a1f2242833aa31cd2201279fcb80151dd40cc94fffb

  • SSDEEP

    384:W8ZyNf2yCEFmVoybLfMd2MyEd0DMghgzEIij+ZsNO3PlpJKkkjh/TzF7pWn6sgrq:W64f2yVAVlbTknoggguXQ/o3I+L

Malware Config

Extracted

  • Family

    njrat

  • Version

    Njrat 0.7 Golden By Hassan Amiri

  • Botnet

    HardPlatform

  • C2

    86.111.70.124:5552

  • Mutex

    Windows Update

Attributes
  • reg_key

    Windows Update

  • splitter

    |Hassan|

Targets

    • Target

      c082cc6a8f0cc384c38e414388bfccb0N.exe

    • njRAT/Bladabindi

      Widely used RAT written in .NET.

    • Drops startup file

    • Adds Run key to start application
