njrat | 1a3b100043d6e616674e8ccf0bd086eacccb6985aa8182029a2717aa57be5f79 | Triage

Sharing

General

Target

1a3b100043d6e616674e8ccf0bd086eacccb6985aa8182029a2717aa57be5f79
Size

460KB
Sample

210923-h1jkmsacer
MD5

3b6f38ea6928bca0be7ce6cf39ec8959
SHA1

5ea0766825327580776bc88add0e9267d97965e5
SHA256

1a3b100043d6e616674e8ccf0bd086eacccb6985aa8182029a2717aa57be5f79
SHA512

d8355e551f8cfab86523036a69407a86723add802a361eeaf54c65301ed5c4b88713aada239e6e41ac9b326e74f8652488498126d6883b58c5425f0f50543ec0

Score

10^/10

njrat v1 persistence trojan

Malware Config

Extracted

Family

njrat

Version

Njrat 0.7 Golden By Hassan Amiri

Botnet

v1

C2

xyz.videomarket.eu:1970

Mutex

Windows Update

Attributes

reg_key
Windows Update
splitter
|Hassan|

Targets

- Target
  
  1a3b100043d6e616674e8ccf0bd086eacccb6985aa8182029a2717aa57be5f79
- Size
  
  460KB
- MD5
  
  3b6f38ea6928bca0be7ce6cf39ec8959
- SHA1
  
  5ea0766825327580776bc88add0e9267d97965e5
- SHA256
  
  1a3b100043d6e616674e8ccf0bd086eacccb6985aa8182029a2717aa57be5f79
- SHA512
  
  d8355e551f8cfab86523036a69407a86723add802a361eeaf54c65301ed5c4b88713aada239e6e41ac9b326e74f8652488498126d6883b58c5425f0f50543ec0
Score

10^/10

njrat v1 persistence trojan
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

njratv1persistencetrojan

behavioral2