General

  • Target

    NjRat.0.7D-main(1).zip

  • Size

    48.8MB

  • Sample

    241209-r59r3a1mav

  • MD5

    80d3d5163cafe75e0f2d1666a4c65414

  • SHA1

    b94d1e8abcf337c888f403e4e7563c896fa7d51c

  • SHA256

    d96bb6e66aef5a2901a0bfb80df3382d79cdcf60c9916badf27b456244bc6929

  • SHA512

    d606abeacdb158dfdfabd89d7e3c12800704faa499821d01494899d5c36d93d2cc540d8747633535e148abffba4ac8c1fb3016fc03535c3d75cf74edd34daae3

  • SSDEEP

    1572864:u5rfgndUOnIfRGjDT159RHXDZ8411rbYfkI:u5rf0mOnGRaThBZ84frUsI

Malware Config

Extracted

Family

njrat

Version

Njrat 0.7 Golden By Hassan Amiri

C2

:

Mutex

[RNVD]

Attributes
  • reg_key

    [RNVD]

  • splitter

    |Hassan|

Extracted

Family

njrat

Version

0.7d

Botnet

monke

C2

hakim32.ddns.net:2000

127.0.0.1:5552

Mutex

03ee21e2b9447b703490c88d66ec84f2

Attributes
  • reg_key

    03ee21e2b9447b703490c88d66ec84f2

  • splitter

    |'|'|

Targets

    • Target

      NjRat.0.7D-main(1).zip

    • Njrat family

    • njRAT/Bladabindi

      Widely used RAT written in .NET.

    • Disables Task Manager via registry modification

    • Modifies Windows Firewall

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory
