njrat | e53485cd1127d2af7d09d0e7d971f92d13ac910ec1124055868107fa9738648c | Triage

Sharing

General

Target

a257fb9da7db9e80d787283985c8121c.exe
Size

25KB
Sample

211228-d3mymaddd3
MD5

a257fb9da7db9e80d787283985c8121c
SHA1

2c5a07669e3f0e263b7e4eafe79241e03d2683a1
SHA256

e53485cd1127d2af7d09d0e7d971f92d13ac910ec1124055868107fa9738648c
SHA512

04cae19f1d1720f1e2ff8e88a89fea0bb4d40895968ab48588a3cedc6b0c3158430db9093c99a573eb4937bdb2e3d98c925c29c7226e8df46a8f49d491ac02c8

Score

10^/10

njrat pc trojan

Malware Config

Extracted

Family

njrat

Version

Njrat 0.7 Golden By Hassan Amiri

Botnet

PC

C2

8.tcp.ngrok.io:17931

Mutex

Windows Update

Attributes

reg_key
Windows Update
splitter
|Hassan|

Targets

- Target
  
  a257fb9da7db9e80d787283985c8121c.exe
- Size
  
  25KB
- MD5
  
  a257fb9da7db9e80d787283985c8121c
- SHA1
  
  2c5a07669e3f0e263b7e4eafe79241e03d2683a1
- SHA256
  
  e53485cd1127d2af7d09d0e7d971f92d13ac910ec1124055868107fa9738648c
- SHA512
  
  04cae19f1d1720f1e2ff8e88a89fea0bb4d40895968ab48588a3cedc6b0c3158430db9093c99a573eb4937bdb2e3d98c925c29c7226e8df46a8f49d491ac02c8
Score

10^/10

njrat pc trojan
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- Executes dropped EXE
- Drops startup file
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2