njrat | 3ac6cecc2e601cb60c13478eba7e46bb29cb78da5e9801c7f38be8588e31ffc9 | Triage

Resubmissions

19-09-2024 18:42

240919-xctg9svbmq 10

19-09-2024 18:42

240919-xcnxsavbmm 10

19-09-2024 18:39

240919-xa54aatfkh 10

19-09-2024 18:38

240919-w92dpsthpr 10

Sharing

General

Target

SholirPrivate.exe
Size

25KB
Sample

240919-w92dpsthpr
MD5

5e8facdac73af8e6c2032a979af187c5
SHA1

dd5f109dc09df7490726a9764f929c27018d8975
SHA256

3ac6cecc2e601cb60c13478eba7e46bb29cb78da5e9801c7f38be8588e31ffc9
SHA512

61c0e5c57618926cd021f6e31464d5f4cb49cfff93c5cc5e8842eca907f295d57fb80e812128ca1aa346902a5458de98a7dfa943cd745043f15017f0873eb1ce
SSDEEP

768:svpnCavdFPJ3Wh0rXjTwFu9wq1U/Xdutnz5QZCL:QBFPJSsjzRuFu9lQQ

Score

10^/10

njrat hacked trojan

Malware Config

Extracted

Family

njrat

Version

Njrat 0.7 Golden By Hassan Amiri

Botnet

HacKed

C2

127.0.0.1:5552

Attributes

splitter
|Hassan|

Targets

- Target
  
  SholirPrivate.exe
- Size
  
  25KB
- MD5
  
  5e8facdac73af8e6c2032a979af187c5
- SHA1
  
  dd5f109dc09df7490726a9764f929c27018d8975
- SHA256
  
  3ac6cecc2e601cb60c13478eba7e46bb29cb78da5e9801c7f38be8588e31ffc9
- SHA512
  
  61c0e5c57618926cd021f6e31464d5f4cb49cfff93c5cc5e8842eca907f295d57fb80e812128ca1aa346902a5458de98a7dfa943cd745043f15017f0873eb1ce
- SSDEEP
  
  768:svpnCavdFPJ3Wh0rXjTwFu9wq1U/Xdutnz5QZCL:QBFPJSsjzRuFu9lQQ
Score

10^/10

njrat hacked trojan
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

njrathackedtrojan