General

  • Target

    96fcbd03326284e0226a8b3182478c1a2ebdce5076a3a55ffdbbb9963304d9acN

  • Size

    193KB

  • Sample

    241010-xy9flsxdpq

  • MD5

    ec168d81b6e03372b56fd2dae9577a10

  • SHA1

    37115736d2894e7232f76dd4361c66743d6271d7

  • SHA256

    96fcbd03326284e0226a8b3182478c1a2ebdce5076a3a55ffdbbb9963304d9ac

  • SHA512

    a25329b14b205c069a3ebeaef73a97ed6ccff373c1af77f134328b0831c142317189460bb231f9bb4485a9b65f35781a639059668f2befa128a4db34ac850a9f

  • SSDEEP

    3072:FswcCukiBTmvDPt0dVgTuxHX31u4MYkGzmHK2VHFepUjhVwP6xsVF6jYhWPENCgf:oCu1BoqVgTOH1WYQqy

Malware Config

Extracted

  • Family

    njrat

  • Version

    Njrat 0.7 Golden By Hassan Amiri

  • Botnet

    HacKed

  • C2

    encrypted7745.hopto.org:1177

  • Mutex

    Windows Update

Attributes
  • reg_key

    Windows Update

  • splitter

    |Hassan|

Targets

    • njRAT/Bladabindi

      Widely used RAT written in .NET.

    • Drops startup file

    • Adds Run key to start application
