General

  • Target

    Bloxstrap.exe

  • Size

    11.2MB

  • Sample

    241123-yhw11szjgk

  • MD5

    29ca7831b80bf263095bb878555b5161

  • SHA1

    7190385a69c313a6cc9d60a17434b2227d01edc3

  • SHA256

    c32a5b371401abc7904e2bfaddc23f69ef7c8a7d40bd3e7a8f045f6de64a3201

  • SHA512

    4c3b75db351f59a5842d6bb4d212cdf25282525bf5683864b40580e56c3976464e335bcd5d737da990a4737ea4a217a494fac56868700a9db41e4af4b24dae06

  • SSDEEP

    98304:ksqZ+pv3Tscod5DFasb/r5vGWD3EOYoHwfLk3vSmaR0+Mc4AN0edaAHDfysrTlUv:ksqZ+pLscVsb/r5vGlObAbN0

Malware Config

Extracted

  • Family

    njrat

  • Version

    Njrat 0.7 Golden By Hassan Amiri

  • Botnet

    HacKed

  • C2

    saw-shirts.gl.at.ply.gg:4164

  • Mutex

    Windows Update

Attributes
  • reg_key

    Windows Update

  • splitter

    |Hassan|

Targets

    • Target

      Bloxstrap.exe

    • Njrat family

    • njRAT/Bladabindi

      Widely used RAT written in .NET.

    • Executes dropped EXE

    • Loads dropped DLL
