Overview

overview

10

Static

static

10

1.exe

windows7-x64

10

1.exe

windows10-2004-x64

10

Resubmissions

28/02/2025, 11:52

250228-n1qxlszly3 10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    1.pif

  • Size

    27KB

  • Sample

    250228-n1qxlszly3

  • MD5

    7fea22a2152c5246611b244fccc2fe6b

  • SHA1

    915e8a0fcfd69e2867aee2e57a9d8c644fddf557

  • SHA256

    b8ec29f20b68fa98cb130069f99c4a5aa488d7d7a6ed5ba9de6ba56ee292e673

  • SHA512

    a0f1be01ec7c267383252eef78979eb8fac0cde5aedc3f8f6628b4073667f1bd1adcc5ddfdcd172f50d40e2537bbc1114a45e510c4feb0f6344efeff6ff46d3d

  • SSDEEP

    384:GLPCnWzGgqhZArwvaGGuPh5BrM0AQk93vmhm7UMKmIEecKdbXTzm9bVhcam6ir6s:gqvMAi0A/vMHTi9bD

Score
10/10
njrathackeddiscoverypersistencetrojan

Malware Config

Extracted

Family

njrat

Version

v4.0

Botnet

HacKed

C2

paul-nw.gl.at.ply.gg:3111

Mutex

Windows

Attributes
  • reg_key

    Windows

  • splitter

    |-F-|

Targets

    • Target

      1.pif

    • Size

      27KB

    • MD5

      7fea22a2152c5246611b244fccc2fe6b

    • SHA1

      915e8a0fcfd69e2867aee2e57a9d8c644fddf557

    • SHA256

      b8ec29f20b68fa98cb130069f99c4a5aa488d7d7a6ed5ba9de6ba56ee292e673

    • SHA512

      a0f1be01ec7c267383252eef78979eb8fac0cde5aedc3f8f6628b4073667f1bd1adcc5ddfdcd172f50d40e2537bbc1114a45e510c4feb0f6344efeff6ff46d3d

    • SSDEEP

      384:GLPCnWzGgqhZArwvaGGuPh5BrM0AQk93vmhm7UMKmIEecKdbXTzm9bVhcam6ir6s:gqvMAi0A/vMHTi9bD

    Score
    10/10
    njrathackeddiscoverypersistencetrojan

    • Njrat family

      njrat

    • njRAT/Bladabindi

      Widely used RAT written in .NET.

      trojannjrat

    • Drops startup file

    • Adds Run key to start application

      persistence
    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks