njrat | 758874baf48121f39d10505750a86d3cb233534d1b4a6ffc65362d95d491d969 | Triage

Sharing

General

Target

758874baf48121f39d10505750a86d3cb233534d1b4a6ffc65362d95d491d969
Size

43KB
Sample

220520-e21nrshhd6
MD5

284ca9864936da3ed48b7a397bad95f5
SHA1

6755816744f12e65e599dae6d8bfbf695a2edb92
SHA256

758874baf48121f39d10505750a86d3cb233534d1b4a6ffc65362d95d491d969
SHA512

c72efc254ccda856bec0689818988685b8c7f11462563abaea87a00f962e9fdf38508aad546a3d7df74f716f9253f40517ad35e3fca09a26221ed55138291fde

Score

10^/10

njrat hacked persistence trojan

Malware Config

Extracted

Family

njrat

Version

Njrat 0.7 Golden By Hassan Amiri

Botnet

HacKed

C2

0.tcp.ngrok.io:18260

Mutex

Windows Update

Attributes

reg_key
Windows Update
splitter
|Hassan|

Targets

- Target
  
  758874baf48121f39d10505750a86d3cb233534d1b4a6ffc65362d95d491d969
- Size
  
  43KB
- MD5
  
  284ca9864936da3ed48b7a397bad95f5
- SHA1
  
  6755816744f12e65e599dae6d8bfbf695a2edb92
- SHA256
  
  758874baf48121f39d10505750a86d3cb233534d1b4a6ffc65362d95d491d969
- SHA512
  
  c72efc254ccda856bec0689818988685b8c7f11462563abaea87a00f962e9fdf38508aad546a3d7df74f716f9253f40517ad35e3fca09a26221ed55138291fde
Score

10^/10

njrat hacked persistence trojan
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

Persistence

Registry Run Keys / Startup Folder

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

njrathackedpersistencetrojan

behavioral2

njrathackedpersistencetrojan