njrat | bfa74e548efbc9dda9420f88bb84f6f23c034399a16df9093b6a27e33621e44b | Triage

Sharing

General

Target

b93287f2b98af1aefebef7a4b46a689c.exe
Size

43KB
Sample

220107-bkh6lsbga7
MD5

b93287f2b98af1aefebef7a4b46a689c
SHA1

1329369d122864910f735aa6b1740e85516806c1
SHA256

bfa74e548efbc9dda9420f88bb84f6f23c034399a16df9093b6a27e33621e44b
SHA512

7fe3185f2c9f0b37f69f780fecb0ff8240116267249212b39371d4966453c6cd018f43b8690c06e5f3beb79a1a2103625e6bd408b284a066eef36c4d5111f067

Score

10^/10

njrat hacked persistence trojan

Malware Config

Extracted

Family

njrat

Version

Njrat 0.7 Golden By Hassan Amiri

Botnet

HacKed

C2

6.tcp.ngrok.io:15544

Mutex

Windows Update

Attributes

reg_key
Windows Update
splitter
|Hassan|

Targets

- Target
  
  b93287f2b98af1aefebef7a4b46a689c.exe
- Size
  
  43KB
- MD5
  
  b93287f2b98af1aefebef7a4b46a689c
- SHA1
  
  1329369d122864910f735aa6b1740e85516806c1
- SHA256
  
  bfa74e548efbc9dda9420f88bb84f6f23c034399a16df9093b6a27e33621e44b
- SHA512
  
  7fe3185f2c9f0b37f69f780fecb0ff8240116267249212b39371d4966453c6cd018f43b8690c06e5f3beb79a1a2103625e6bd408b284a066eef36c4d5111f067
Score

10^/10

njrat hacked persistence trojan
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- Executes dropped EXE
- Drops startup file
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scheduled Task

Persistence

Registry Run Keys / Startup Folder

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Modify Registry

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

njrathackedpersistencetrojan

behavioral2

njrathackedpersistencetrojan