Overview

overview

10

Static

static

10

antivirusb....0.exe

windows7-x64

10

antivirusb....0.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    antivirusbyemilv1.0.exe

  • Size

    43KB

  • Sample

    250105-qhx93svngz

  • MD5

    04b503df0753a8a4bf74035949215a47

  • SHA1

    fde82e54526910d082a80853730969888d86befd

  • SHA256

    81abb1776a5da5c7844a18f50a4f254eed232c6164b62e2a5fd69d4494c4b943

  • SHA512

    4608a20bfb499bc6a0ca89cab7d080f76f3d7fb2c730492bfa6d7f6301bd50b24af7f228c6a1b5ac06f033c7367fb580279446407bfdad0004669dbdfeb82da2

  • SSDEEP

    384:FZyd5ctOnwtOyW60GmciXEFdZBEk0z2I1zgIij+ZsNO3PlpJKkkjh/TzF7pWn3J8:PuqAwt/W6NmciXEF3p0zxuXQ/oI6+L

Score
10/10
njrathackeddiscoverytrojan

Malware Config

Extracted

Family

njrat

Version

Njrat 0.7 Golden By Hassan Amiri

Botnet

HacKed

C2

both-foundations.gl.at.ply.gg:60732

Mutex

Microsoft Edge Updater

Attributes
  • reg_key

    Microsoft Edge Updater

  • splitter

    |Hassan|

Targets

    • Target

      antivirusbyemilv1.0.exe

    • Size

      43KB

    • MD5

      04b503df0753a8a4bf74035949215a47

    • SHA1

      fde82e54526910d082a80853730969888d86befd

    • SHA256

      81abb1776a5da5c7844a18f50a4f254eed232c6164b62e2a5fd69d4494c4b943

    • SHA512

      4608a20bfb499bc6a0ca89cab7d080f76f3d7fb2c730492bfa6d7f6301bd50b24af7f228c6a1b5ac06f033c7367fb580279446407bfdad0004669dbdfeb82da2

    • SSDEEP

      384:FZyd5ctOnwtOyW60GmciXEFdZBEk0z2I1zgIij+ZsNO3PlpJKkkjh/TzF7pWn3J8:PuqAwt/W6NmciXEF3p0zxuXQ/oI6+L

    Score
    10/10
    njrathackeddiscoverytrojan

    • Njrat family

      njrat

    • njRAT/Bladabindi

      Widely used RAT written in .NET.

      trojannjrat

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Drops startup file

    • Executes dropped EXE

    • Loads dropped DLL

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks