General

  • Target

    28f8ffd78f7b6931dc0995a4c4fa08c5d4c97755d7193c56c6e22519253427a3N

  • Size

    65KB

  • Sample

    241105-ajxf6szgnd

  • MD5

    bf27a2b1c3a091d14d52d660baa90f40

  • SHA1

    45ff2043a8124b5b7c7f41f2493b501b2be720f8

  • SHA256

    28f8ffd78f7b6931dc0995a4c4fa08c5d4c97755d7193c56c6e22519253427a3

  • SHA512

    bfeefe304051b148083a0baa9a67d15e10948292e36ce746c98f1ccf4bd15ca1e7520e09aa75d6b89788473208625e183a47a69a51745db0f139330a1ab2594a

  • SSDEEP

    1536:hcEIhoN36t+QviFw1CcWSUVOBnvb9fLteF3nLrB9z3ncaF9bSS9vMp:hcEIhoN36t+QviFCCl8BnJfWl9zsaF9Y

Malware Config

Extracted

  • Family

    njrat

  • Version

    Platinum

  • Botnet

    HacKed

  • C2

    127.0.0.1:40570

  • Mutex

    MicrosoftBrake

  • Attributes

      • reg_key

        MicrosoftBrake

      • splitter

        |Ghost|

Targets

    • Njrat family

    • njRAT/Bladabindi

      Widely used RAT written in .NET.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Deletes itself

MITRE ATT&CK Enterprise v15

Tasks