General

  • Target

    3020-2-0x0000000000460000-0x0000000000472000-memory.dmp

  • Size

    72KB

  • Sample

    241005-p9zrjsyaqf

  • MD5

    5c763f2013aa6eec01710553a3956533

  • SHA1

    e8c6c171c05df73774a48056471705d9d9307191

  • SHA256

    4ad5f0107a2fbe081d769c1d166ae81c1089116bab59919c546de2212674ab91

  • SHA512

    0c290c60ee32b26082bff12881847333a01480861520450f1b18017f1aa75a830e2d6fd9d960ca427bee94c32bf99ece78d184ffc9ca16193cd039dbfeb70bd2

  • SSDEEP

    384:UZyHUJ1Cj8syWcWrfXE5GiXeEXME5EAftz8Iij+ZsNO3PlpJKkkjh/TzF7pWnK/N:i+UJ04pWcWrXE5ZVMEzXuXQ/oT3+L

Malware Config

Extracted

Family

njrat

Version

Njrat 0.7 Golden By Hassan Amiri

Botnet

HacKed

C2

encrypted7745.hopto.org:1177

Mutex

Windows Update

Attributes
  • reg_key

    Windows Update

  • splitter

    |Hassan|

Targets

    • njRAT/Bladabindi

      Widely used RAT written in .NET.

    • Drops startup file

    • Adds Run key to start application
