General

  • Target

    a5eb772c16526b3b85b1195fca0de2e798a6f54808e2a1ee151fc7768b8cd880N

  • Size

    43KB

  • Sample

    241014-rta5cszbrh

  • MD5

    a9af9a4b1fff011ea77ca1492413c240

  • SHA1

    97c6cdbe628e5e753c6f942122ca483c52007413

  • SHA256

    a5eb772c16526b3b85b1195fca0de2e798a6f54808e2a1ee151fc7768b8cd880

  • SHA512

    c9d35dff323aaf4480d60993790e7eb130da38bf72bce80388124961ca84f64bbd141d53fdda1672f9a5a57968ae9e80cdd4683d3d0c6c2d81f208e726dbebd2

  • SSDEEP

    384:CZyd1Bq0lwZmoy7ypUwCWMNxmD0a3S9D9O5UE5QzwBlpJNakkjh/TzF7pWnkFgrW:waNGol7oUrgDNvQO+J7+L

Malware Config

Extracted

Family

njrat

Version

Njrat 0.7 Golden By Hassan Amiri

Botnet

Virus

C2

127.0.0.1:3333

Mutex

Windows Update

Attributes
  • reg_key

    Windows Update

  • splitter

    |Hassan|

Targets

    • Target

      a5eb772c16526b3b85b1195fca0de2e798a6f54808e2a1ee151fc7768b8cd880N

    • Drops startup file

    • Adds Run key to start application
