njrat | 3fa80717e65b1427908e08b6aab3d156143775bd15742b737b4272bc5b5ad80e | Triage

Sharing

General

Target

3fa80717e65b1427908e08b6aab3d156143775bd15742b737b4272bc5b5ad80e
Size

295KB
Sample

210930-pjcjbshff4
MD5

1b2563bac18f9d04cc3f177fc375ca79
SHA1

c4cad0cdecf5ce9cfa247fa448f074a9b568d688
SHA256

3fa80717e65b1427908e08b6aab3d156143775bd15742b737b4272bc5b5ad80e
SHA512

dbe1440a5c39fbb9f562061691ffe875db0e2159b9f8ffa97f3c2795a8dd129e8a0d830e22b40ceae5ee3a423e8005f110d5db704480ef44de76cc0e1569dcc6

Score

10^/10

njrat @ west - hacking k.s.a @ persistence trojan

Malware Config

Extracted

Family

njrat

Version

v2.0

Botnet

@ WeSt - HaCkInG K.S.A @

C2

w187.ddns.net:22

Mutex

Intel HD Graphics Drivers for Windows(R)

Attributes

reg_key
Intel HD Graphics Drivers for Windows(R)
splitter
|-F-|

Targets

- Target
  
  3fa80717e65b1427908e08b6aab3d156143775bd15742b737b4272bc5b5ad80e
- Size
  
  295KB
- MD5
  
  1b2563bac18f9d04cc3f177fc375ca79
- SHA1
  
  c4cad0cdecf5ce9cfa247fa448f074a9b568d688
- SHA256
  
  3fa80717e65b1427908e08b6aab3d156143775bd15742b737b4272bc5b5ad80e
- SHA512
  
  dbe1440a5c39fbb9f562061691ffe875db0e2159b9f8ffa97f3c2795a8dd129e8a0d830e22b40ceae5ee3a423e8005f110d5db704480ef44de76cc0e1569dcc6
Score

10^/10

njrat @ west - hacking k.s.a @ persistence trojan
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- Executes dropped EXE
- Drops startup file
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Hidden Files and Directories

Privilege Escalation

Defense Evasion

Modify Registry

Hidden Files and Directories

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

njrat@ west - hacking k.s.a @ persistencetrojan

behavioral2

njrat@ west - hacking k.s.a @ persistencetrojan