njrat | c3ecb60634ee3e18fb05e1ebb99ceeb681719627c85eb5a5aa662242adb0b67f | Triage

Sharing

General

Target

c3ecb60634ee3e18fb05e1ebb99ceeb681719627c85eb5a5aa662242adb0b67f
Size

125KB
Sample

210930-qbc1kahhfj
MD5

3fbf4474b23237150d9018329c00a1f1
SHA1

182410f52162e2c65b3491adfdc80e2bdd05fe50
SHA256

c3ecb60634ee3e18fb05e1ebb99ceeb681719627c85eb5a5aa662242adb0b67f
SHA512

65293c7d99abdb7fc9539f9a1a1640ccfb0a11e06f9949639b7592de2445f6144652666fefd8eb2570207833df85041a754af85fd077e4f0a92b0b33a74ee907

Score

10^/10

njrat @ west - hacking k.s.a @ persistence trojan

Malware Config

Extracted

Family

njrat

Version

v2.0

Botnet

@ WeSt - HaCkInG K.S.A @

C2

w187.ddns.net:22

Mutex

Intel HD Graphics Drivers for Windows(R)

Attributes

reg_key
Intel HD Graphics Drivers for Windows(R)
splitter
|-F-|

Targets

- Target
  
  c3ecb60634ee3e18fb05e1ebb99ceeb681719627c85eb5a5aa662242adb0b67f
- Size
  
  125KB
- MD5
  
  3fbf4474b23237150d9018329c00a1f1
- SHA1
  
  182410f52162e2c65b3491adfdc80e2bdd05fe50
- SHA256
  
  c3ecb60634ee3e18fb05e1ebb99ceeb681719627c85eb5a5aa662242adb0b67f
- SHA512
  
  65293c7d99abdb7fc9539f9a1a1640ccfb0a11e06f9949639b7592de2445f6144652666fefd8eb2570207833df85041a754af85fd077e4f0a92b0b33a74ee907
Score

10^/10

njrat @ west - hacking k.s.a @ persistence trojan
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- Executes dropped EXE
- Drops startup file
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Hidden Files and Directories

Privilege Escalation

Defense Evasion

Modify Registry

Hidden Files and Directories

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

njrat@ west - hacking k.s.a @ persistencetrojan

behavioral2

njrat@ west - hacking k.s.a @ persistencetrojan