General

  • Target

    3c44cbb99cc237c087e10c63fae5a7e8bb26c602241b0be79e9f984cdaba9781N

  • Size

    43KB

  • Sample

    241018-rj89ea1dka

  • MD5

    7b5539d4e33d06c87cc73b529af14380

  • SHA1

    d453ed2e3d34baf021af815ef512d990cc68d1a9

  • SHA256

    3c44cbb99cc237c087e10c63fae5a7e8bb26c602241b0be79e9f984cdaba9781

  • SHA512

    9e3a35be37590b323f3d1deb9921b8ec917986c396f89bdccc66fa2288a927544ca15c1ead5115f361f5d6fcf3bf10fda6f17824fd3cd89b4cfafe462221c673

  • SSDEEP

    384:76ZyA4D4olYxOoyi0I7wycuEN88FQPzgIij+ZsNO3PlpJKkkjh/TzF7pWni/greT:8fouIli0gwjL8awuXQ/on/+L+

Malware Config

Extracted

Family

njrat

Version

Njrat 0.7 Golden By Hassan Amiri

Botnet

HacKed

C2

127.0.0.1:5555

Mutex

Windows Update

Attributes
  • reg_key

    Windows Update

  • splitter

    |Hassan|

Targets

    • Target

      3c44cbb99cc237c087e10c63fae5a7e8bb26c602241b0be79e9f984cdaba9781N

    • Size

      43KB

    • MD5

      7b5539d4e33d06c87cc73b529af14380

    • SHA1

      d453ed2e3d34baf021af815ef512d990cc68d1a9

    • SHA256

      3c44cbb99cc237c087e10c63fae5a7e8bb26c602241b0be79e9f984cdaba9781

    • SHA512

      9e3a35be37590b323f3d1deb9921b8ec917986c396f89bdccc66fa2288a927544ca15c1ead5115f361f5d6fcf3bf10fda6f17824fd3cd89b4cfafe462221c673

    • SSDEEP

      384:76ZyA4D4olYxOoyi0I7wycuEN88FQPzgIij+ZsNO3PlpJKkkjh/TzF7pWni/greT:8fouIli0gwjL8awuXQ/on/+L+

    • njRAT/Bladabindi

      Widely used RAT written in .NET.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Drops startup file

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks