njrat | e3589724f25b06655c87622bc518cf9da0805ac7ef11374284b73d4da6687b0b | Triage

Sharing

General

Target

E3589724F25B06655C87622BC518CF9DA0805AC7EF113.exe
Size

43KB
Sample

220901-jwj62saebm
MD5

f7bd8746c3a025514b3ab87a10e99582
SHA1

579118c7930dfd792788f636db8246409596f00b
SHA256

e3589724f25b06655c87622bc518cf9da0805ac7ef11374284b73d4da6687b0b
SHA512

9eeee996c182134075feedc54caf0786eabd04330f777e6f85829a0508438721605977bb47a800d09bb26364aa74a5fcbdbbb3c1805203fd332db99903aa7569
SSDEEP

384:kZyRSg98NaIyrLPb3cWESES6ik7azsIij+ZsNO3PlpJKkkjh/TzF7pWnU/greT0k:SmywFrzb3cP7QuXQ/o5/+L

Score

10^/10

njrat hacked persistence trojan

Malware Config

Extracted

Family

njrat

Version

Njrat 0.7 Golden By Hassan Amiri

Botnet

HacKed

C2

6.tcp.eu.ngrok.io:11672

Mutex

Windows Update

Attributes

reg_key
Windows Update
splitter
|Hassan|

Targets

- Target
  
  E3589724F25B06655C87622BC518CF9DA0805AC7EF113.exe
- Size
  
  43KB
- MD5
  
  f7bd8746c3a025514b3ab87a10e99582
- SHA1
  
  579118c7930dfd792788f636db8246409596f00b
- SHA256
  
  e3589724f25b06655c87622bc518cf9da0805ac7ef11374284b73d4da6687b0b
- SHA512
  
  9eeee996c182134075feedc54caf0786eabd04330f777e6f85829a0508438721605977bb47a800d09bb26364aa74a5fcbdbbb3c1805203fd332db99903aa7569
- SSDEEP
  
  384:kZyRSg98NaIyrLPb3cWESES6ik7azsIij+ZsNO3PlpJKkkjh/TzF7pWnU/greT0k:SmywFrzb3cP7QuXQ/o5/+L
Score

10^/10

njrat hacked persistence trojan
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- Drops startup file
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

njrathackedpersistencetrojan

behavioral2

njrathackedpersistencetrojan