General

  • Target

    70c8b18ece14adc1d775e9eb5c4de116f2d4a283818ad69dd967fc1127130ec2.exe

  • Size

    25KB

  • Sample

    250110-c3x8xs1pdl

  • MD5

    3386d440d3907b4c9322f7842a914026

  • SHA1

    31402ac6467747beaea5957dffcba88d7ca9a249

  • SHA256

    70c8b18ece14adc1d775e9eb5c4de116f2d4a283818ad69dd967fc1127130ec2

  • SHA512

    d2f2cf13448960e4a71de312d9f8edc9083b4964394407c98ac06108aa6d27d8f0c1f6ccabb3e816896585b896425e18cf9760ccccd0315df970446d4dce0abd

  • SSDEEP

    768:svpzorREU6cTM8R0pm8TGaUqKUr0QenOXNolnQ:QkRd6cY8RiHNZYWXNr

Malware Config

Extracted

Family

njrat

Version

Njrat 0.7 Golden By Hassan Amiri

Botnet

HacKed

C2

82.193.104.21:5137

Mutex

Windows Update

Attributes
  • reg_key

    Windows Update

  • splitter

    |Hassan|

Targets

    • Target

      70c8b18ece14adc1d775e9eb5c4de116f2d4a283818ad69dd967fc1127130ec2.exe

    • Njrat family

    • njRAT/Bladabindi

      Widely used RAT written in .NET.

    • Drops startup file

    • Adds Run key to start application
