njrat | 430365bd280fcc6e3a8f2912dad54c397e0c6dabd4dbf505cd95e53bdc8dc36a | Triage

Sharing

General

Target

hhhh77.exe
Size

8.3MB
Sample

240923-3bmwzsvdjg
MD5

9214afbf5645990e16a4935d4b66a2e1
SHA1

ff88a1ba0e19d31f9ffbf0c5844709654d33a441
SHA256

430365bd280fcc6e3a8f2912dad54c397e0c6dabd4dbf505cd95e53bdc8dc36a
SHA512

21b8c7b9d28ddd745fa283cf449af7e248b7bde410217fa625a0654381247ad7012983a26b8f84d13cf610bb28180bd6e497a75368df637609d69f8f58e4ec31
SSDEEP

196608:IIcwMCzK6VFMW/sd0PVVlMyELNCMgZsHcSCD:JNmyFW+Px0NIycf

Score

10^/10

njrat hacked discovery trojan

Malware Config

Extracted

Family

njrat

Version

Njrat 0.7 Golden By Hassan Amiri

Botnet

HacKed

C2

127.0.0.1:4344

Mutex

Windows Update

Attributes

reg_key
Windows Update
splitter
|Hassan|

Targets

- Target
  
  hhhh77.exe
- Size
  
  8.3MB
- MD5
  
  9214afbf5645990e16a4935d4b66a2e1
- SHA1
  
  ff88a1ba0e19d31f9ffbf0c5844709654d33a441
- SHA256
  
  430365bd280fcc6e3a8f2912dad54c397e0c6dabd4dbf505cd95e53bdc8dc36a
- SHA512
  
  21b8c7b9d28ddd745fa283cf449af7e248b7bde410217fa625a0654381247ad7012983a26b8f84d13cf610bb28180bd6e497a75368df637609d69f8f58e4ec31
- SSDEEP
  
  196608:IIcwMCzK6VFMW/sd0PVVlMyELNCMgZsHcSCD:JNmyFW+Px0NIycf
Score

10^/10

njrat hacked discovery trojan
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

njrathackeddiscoverytrojan

behavioral2

njrathackeddiscoverytrojan