Resubmissions

31/03/2025, 01:21

250331-bqtvaszyhx 10

31/03/2025, 01:18

250331-bn4xgszydt 10

31/03/2025, 01:17

250331-bnwwwasqv7 10

29/03/2025, 14:30

250329-rveh6swqw4 10

General

  • Target

    jjexploer.exe

  • Size

    25KB

  • Sample

    250331-bn4xgszydt

  • MD5

    48f18e8a6a3f9b0f948b0e11e736f9e5

  • SHA1

    643cec64499163563d018edbece54075c13e7cc3

  • SHA256

    8e9b72f5c85f33855d55ba43828a9eb6747a20c269fd2f0a3e8e79927adcc644

  • SHA512

    110a9e9bae0e4d527c6f8e5c9958aff8a13db398f0b18a727e28d69fa30d0bd759033f8efcbb59b11c2c1816b2cb17c43b7453244a198c217aa48cced0088d7b

  • SSDEEP

    768:svpoyEEfxcQ4UBPq9lzcdaxfvM/r7yPV6U6m:QoyhuLUIjzgCfvM/r7yH6m

Malware Config

Extracted

Family

njrat

Version

Njrat 0.7 Golden By Hassan Amiri

Botnet

svhost.exe

C2

animal-premium.gl.at.ply.gg:16843

Mutex

Update

Attributes
  • reg_key

    Update

  • splitter

    |Hassan|

Targets

    • Njrat family

    • njRAT/Bladabindi

      Widely used RAT written in .NET.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Drops startup file

    • Executes dropped EXE

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15
