Resubmissions

31/03/2025, 01:21 UTC

250331-bqtvaszyhx 10

31/03/2025, 01:18 UTC

250331-bn4xgszydt 10

31/03/2025, 01:17 UTC

250331-bnwwwasqv7 10

29/03/2025, 14:30 UTC

250329-rveh6swqw4 10

General

  • Target

    jjexploer.exe

  • Size

    25KB

  • Sample

    250329-rveh6swqw4

  • MD5

    48f18e8a6a3f9b0f948b0e11e736f9e5

  • SHA1

    643cec64499163563d018edbece54075c13e7cc3

  • SHA256

    8e9b72f5c85f33855d55ba43828a9eb6747a20c269fd2f0a3e8e79927adcc644

  • SHA512

    110a9e9bae0e4d527c6f8e5c9958aff8a13db398f0b18a727e28d69fa30d0bd759033f8efcbb59b11c2c1816b2cb17c43b7453244a198c217aa48cced0088d7b

  • SSDEEP

    768:svpoyEEfxcQ4UBPq9lzcdaxfvM/r7yPV6U6m:QoyhuLUIjzgCfvM/r7yH6m

Malware Config

Extracted

Family

njrat

Version

Njrat 0.7 Golden By Hassan Amiri

Botnet

svhost.exe

C2

animal-premium.gl.at.ply.gg:16843

Mutex

Update

Attributes

  • reg_key

    Update

  • splitter

    |Hassan|

Targets

    • Njrat family

    • njRAT/Bladabindi

      Widely used RAT written in .NET.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Drops startup file

    • Executes dropped EXE

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15
