General

  • Target

    556e9dd4b013cff0ebdcf092179cd0c5.exe

  • Size

    179KB

  • Sample

    240929-23dxqayeng

  • MD5

    556e9dd4b013cff0ebdcf092179cd0c5

  • SHA1

    e940ce25b43ea77c7b93986c3513862033a7737d

  • SHA256

    e2d1db2b4f714c6224fad8f22f9dc19c0f236ad161397843956aacacde9d3cb9

  • SHA512

    e37cb776ec8dedfcd7d8032bbb87b3accefe7b68a1e1c279514999dcd506deae3d481ff469b707fd9b219108612e272dfbf570453ede929de237222f7adfa663

  • SSDEEP

    3072:o32GhNvkY6ofrH1+dx77rZ0PWsSwEVCeYYFdOws+nolDkYIE:+2GhNFfVCL2WtGeYY33s+o5k

Malware Config

Extracted

Family

njrat

Version

Njrat 0.7 Golden By Hassan Amiri

Botnet

HacKed

C2

encrypted7745.hopto.org:1177

Mutex

Windows Update

Attributes
  • reg_key

    Windows Update

  • splitter

    |Hassan|

Targets

    • Target

      556e9dd4b013cff0ebdcf092179cd0c5.exe

    • njRAT/Bladabindi

      Widely used RAT written in .NET.

    • Drops startup file

    • Adds Run key to start application
