njrat | 16a4198de8bdfbfbbf06ca8961d9a5735aa3dd5890d1cc38659ec329871e9b32 | Triage

Sharing

General

Target

j87y76t655.exe
Size

1.1MB
Sample

240923-3cexrsvdkh
MD5

d284ba1f09e8c41cd5cdfb0fdb6ec60a
SHA1

821908e7bbecc9944bb8c5c2c190c93e6ed40b42
SHA256

16a4198de8bdfbfbbf06ca8961d9a5735aa3dd5890d1cc38659ec329871e9b32
SHA512

5b7570751241b1974546cdf93d172d9aac9173c47f10ce49bcc2cedc52ab07da40303cf74cd7332ae9c5c8fa0d08344b02d00c5ba6667f67fb71bca22ce63c9c
SSDEEP

24576:X8I6kmOkG7q9BFwdbo2l2iohYiTKhzzr8/mqYuDFjhhShGpZ:sI6kplAFU0JhjOhzz4/lO+

Score

10^/10

njrat hacked discovery trojan

Malware Config

Extracted

Family

njrat

Version

Njrat 0.7 Golden By Hassan Amiri

Botnet

HacKed

C2

127.0.0.1:4344

Mutex

Windows Update

Attributes

reg_key
Windows Update
splitter
|Hassan|

Targets

- Target
  
  j87y76t655.exe
- Size
  
  1.1MB
- MD5
  
  d284ba1f09e8c41cd5cdfb0fdb6ec60a
- SHA1
  
  821908e7bbecc9944bb8c5c2c190c93e6ed40b42
- SHA256
  
  16a4198de8bdfbfbbf06ca8961d9a5735aa3dd5890d1cc38659ec329871e9b32
- SHA512
  
  5b7570751241b1974546cdf93d172d9aac9173c47f10ce49bcc2cedc52ab07da40303cf74cd7332ae9c5c8fa0d08344b02d00c5ba6667f67fb71bca22ce63c9c
- SSDEEP
  
  24576:X8I6kmOkG7q9BFwdbo2l2iohYiTKhzzr8/mqYuDFjhhShGpZ:sI6kplAFU0JhjOhzz4/lO+
Score

10^/10

njrat hacked discovery trojan
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

njrathackeddiscoverytrojan

behavioral2

njrathackeddiscoverytrojan