General

  • Target

    fe534901db66708cbf7f1147d394bc47f40b8f19128ddb123fcd37fab9bdbd53.exe

  • Size

    43KB

  • Sample

    240917-nv3zzs1epl

  • MD5

    e378922f1311e8d1e700b1e18da8fc90

  • SHA1

    322ec5ae217ebff300479919b49c576e41973503

  • SHA256

    fe534901db66708cbf7f1147d394bc47f40b8f19128ddb123fcd37fab9bdbd53

  • SHA512

    6e798f0ecd9b92895fa3720f1f7d8c0edd517a919fe5207b1fbe4e75776183e1c3454b503b162a059e23432b1b38e78ae3aba1836b41e18b24acc4eae8ec8ba7

  • SSDEEP

    384:IZytLnxdW/IUyNZuF5EFiH8Y4EPbF56lpzYIij+ZsNO3PlpJKkkjh/TzF7pWnz/l:+8jxIghNZk5EFiHNXbSpuXQ/oy3+L

Malware Config

Extracted

Family

njrat

Version

Njrat 0.7 Golden By Hassan Amiri

Botnet

HacKed

C2

204.48.16.32:6661

Mutex

Windows Update

Attributes
  • reg_key

    Windows Update

  • splitter

    |Hassan|

Targets

    • Target

      fe534901db66708cbf7f1147d394bc47f40b8f19128ddb123fcd37fab9bdbd53.exe

    • njRAT/Bladabindi

      Widely used RAT written in .NET.

    • Drops startup file

    • Adds Run key to start application
