njrat | 3a257336a2fd2160305094d425c7426dc07b5aa311eb7e31d5ac5d71d2cf8d4e | Triage

Sharing

General

Target

3a257336a2fd2160305094d425c7426dc07b5aa311eb7e31d5ac5d71d2cf8d4e
Size

126KB
Sample

210930-psxkvshga8
MD5

908eba5a2eb01adb8dec24796369a583
SHA1

390772bf93171a02e4d22b8c262854ffbd1cd132
SHA256

3a257336a2fd2160305094d425c7426dc07b5aa311eb7e31d5ac5d71d2cf8d4e
SHA512

1dbfbe2feb32ec8bb5c3f297a7e1a56c0df5bf7bbed4f3bdc79eddd2c77664ba647a493c28837e8fd558615026c1dbddf5627b0f7747409d173a9c55e48e4752

Score

10^/10

njrat @ west - hacking k.s.a @ persistence trojan

Malware Config

Extracted

Family

njrat

Version

v2.0

Botnet

@ WeSt - HaCkInG K.S.A @

C2

w187.ddns.net:22

Mutex

Intel HD Graphics Drivers for Windows(R)

Attributes

reg_key
Intel HD Graphics Drivers for Windows(R)
splitter
|-F-|

Targets

- Target
  
  3a257336a2fd2160305094d425c7426dc07b5aa311eb7e31d5ac5d71d2cf8d4e
- Size
  
  126KB
- MD5
  
  908eba5a2eb01adb8dec24796369a583
- SHA1
  
  390772bf93171a02e4d22b8c262854ffbd1cd132
- SHA256
  
  3a257336a2fd2160305094d425c7426dc07b5aa311eb7e31d5ac5d71d2cf8d4e
- SHA512
  
  1dbfbe2feb32ec8bb5c3f297a7e1a56c0df5bf7bbed4f3bdc79eddd2c77664ba647a493c28837e8fd558615026c1dbddf5627b0f7747409d173a9c55e48e4752
Score

10^/10

njrat @ west - hacking k.s.a @ persistence trojan
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- Executes dropped EXE
- Drops startup file
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Hidden Files and Directories

Privilege Escalation

Defense Evasion

Modify Registry

Hidden Files and Directories

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

njrat@ west - hacking k.s.a @ persistencetrojan

behavioral2

njrat@ west - hacking k.s.a @ persistencetrojan