njrat | 430365bd280fcc6e3a8f2912dad54c397e0c6dabd4dbf505cd95e53bdc8dc36a

General

Target

hhhh77.exe
Size

8.3MB
Sample

240923-3bmwzsvdjg
MD5

9214afbf5645990e16a4935d4b66a2e1
SHA1

ff88a1ba0e19d31f9ffbf0c5844709654d33a441
SHA256

430365bd280fcc6e3a8f2912dad54c397e0c6dabd4dbf505cd95e53bdc8dc36a
SHA512

21b8c7b9d28ddd745fa283cf449af7e248b7bde410217fa625a0654381247ad7012983a26b8f84d13cf610bb28180bd6e497a75368df637609d69f8f58e4ec31
SSDEEP

196608:IIcwMCzK6VFMW/sd0PVVlMyELNCMgZsHcSCD:JNmyFW+Px0NIycf

Score

10^/10

Malware Config

Extracted

Family

njrat

Version

Njrat 0.7 Golden By Hassan Amiri

Botnet

HacKed

C2

127.0.0.1:4344

Mutex

Windows Update

Attributes

reg_key
Windows Update
splitter
|Hassan|

Targets

- Target
  
  hhhh77.exe
- Size
  
  8.3MB
- MD5
  
  9214afbf5645990e16a4935d4b66a2e1
- SHA1
  
  ff88a1ba0e19d31f9ffbf0c5844709654d33a441
- SHA256
  
  430365bd280fcc6e3a8f2912dad54c397e0c6dabd4dbf505cd95e53bdc8dc36a
- SHA512
  
  21b8c7b9d28ddd745fa283cf449af7e248b7bde410217fa625a0654381247ad7012983a26b8f84d13cf610bb28180bd6e497a75368df637609d69f8f58e4ec31
- SSDEEP
  
  196608:IIcwMCzK6VFMW/sd0PVVlMyELNCMgZsHcSCD:JNmyFW+Px0NIycf
Score

10^/10

njrat hacked discovery trojan
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1

T1012

System Information Discovery

2

T1082

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

njRAT/Bladabindi

Checks computer location settings

Executes dropped EXE

Loads dropped DLL

Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

We care about your privacy.