General

  • Target

    bf1309dd22cc8153fb839915f3924eb656c7a331599a4b3d4f98ab3873413f9a

  • Size

    43KB

  • Sample

    241126-dtsshs1qax

  • MD5

    9f42922c0a3f6d8ea2f14cacd6d833a2

  • SHA1

    26599b63a7128de66f90d3845bdf914c14933fff

  • SHA256

    bf1309dd22cc8153fb839915f3924eb656c7a331599a4b3d4f98ab3873413f9a

  • SHA512

    772caa71cbe0ed4c74bd9311a0a2d941b2eed4c40f49bf318094a1c04b438d9a547a5abef80b96bb3e902f3aaffe02ad26de6f5f8c63f078bd621b87f9009e4d

  • SSDEEP

    384:xZyRx31mmkuHQUyzvnNXPGeGEE1XdP9fQzAIij+ZsNO3PlpJKkkjh/TzF7pWn8cp:jq3kgwhzfNftG1B9muXQ/olc3+L

Malware Config

Extracted

Family

njrat

Version

Njrat 0.7 Golden By Hassan Amiri

Botnet

HacKed

C2

saw-shirts.gl.at.ply.gg:4164

Mutex

Windows Update

Attributes
  • reg_key

    Windows Update

  • splitter

    |Hassan|

Targets

    • Njrat family

    • njRAT/Bladabindi

      Widely used RAT written in .NET.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE
