njrat | 4bd1599ba37768d9fd9aacfa5074bbc02986e5f378b78bf8ed753c2b297b2f20 | Triage

Sharing

General

Target

4bd1599ba37768d9fd9aacfa5074bbc02986e5f378b78bf8ed753c2b297b2f20
Size

25KB
Sample

220520-e6hzhsaba7
MD5

50ac82add3a8885d8d42a7779998adb2
SHA1

b8f7e9527ac4aaf550702a3a8491e3401c3b71e2
SHA256

4bd1599ba37768d9fd9aacfa5074bbc02986e5f378b78bf8ed753c2b297b2f20
SHA512

d36a4165093495d456c9e21baab044d359f5dad0364c491f3242674313387e60cb901f1d03a9c329baf7e02485c8981535d13b910c8d504f17a0512ba2a357dc

Score

10^/10

njrat hacked persistence trojan

Malware Config

Extracted

Family

njrat

Version

Njrat 0.7 Golden By Hassan Amiri

Botnet

HacKed

C2

94.180.24.188:7777

Mutex

Windows Update

Attributes

reg_key
Windows Update
splitter
|Hassan|

Targets

- Target
  
  4bd1599ba37768d9fd9aacfa5074bbc02986e5f378b78bf8ed753c2b297b2f20
- Size
  
  25KB
- MD5
  
  50ac82add3a8885d8d42a7779998adb2
- SHA1
  
  b8f7e9527ac4aaf550702a3a8491e3401c3b71e2
- SHA256
  
  4bd1599ba37768d9fd9aacfa5074bbc02986e5f378b78bf8ed753c2b297b2f20
- SHA512
  
  d36a4165093495d456c9e21baab044d359f5dad0364c491f3242674313387e60cb901f1d03a9c329baf7e02485c8981535d13b910c8d504f17a0512ba2a357dc
Score

10^/10

njrat hacked persistence trojan
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

njrathackedpersistencetrojan

behavioral2