njrat | 7da38e7a350512181bf0bc5e737b6f40208428b72ad578ecfb9bf729af98f172 | Triage

Sharing

General

Target

Discord Tokken Grabber.exe
Size

98KB
Sample

220424-vgdaqshfh3
MD5

75c86f9a030999c57b68690c7a727862
SHA1

6b046349d789bf6679c465ccfb0d21402077616c
SHA256

7da38e7a350512181bf0bc5e737b6f40208428b72ad578ecfb9bf729af98f172
SHA512

9df16e44273a6ecc47deaac5d3c409d78188b9d0500dbe27d071312dcb834e9f54114dfae003214a7d81ccfd135e312be9e5e762b16d21c2da1bdc698eeeac16

Score

10^/10

njrat hacked by hidden person evasion persistence trojan

Malware Config

Extracted

Family

njrat

Botnet

Hacked By HiDDen PerSOn

Mutex

b238f740560279557e7f122983c7ba65

Attributes

reg_key
b238f740560279557e7f122983c7ba65

Targets

- Target
  
  Discord Tokken Grabber.exe
- Size
  
  98KB
- MD5
  
  75c86f9a030999c57b68690c7a727862
- SHA1
  
  6b046349d789bf6679c465ccfb0d21402077616c
- SHA256
  
  7da38e7a350512181bf0bc5e737b6f40208428b72ad578ecfb9bf729af98f172
- SHA512
  
  9df16e44273a6ecc47deaac5d3c409d78188b9d0500dbe27d071312dcb834e9f54114dfae003214a7d81ccfd135e312be9e5e762b16d21c2da1bdc698eeeac16
Score

10^/10

njrat hacked by hidden person evasion persistence trojan
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- Executes dropped EXE
- Modifies Windows Firewall
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

hacked by hidden personnjrat

behavioral1

njrathacked by hidden personevasionpersistencetrojan

behavioral2

njrathacked by hidden personevasionpersistencetrojan