njrat | 00693c43c36b65ecaae75389c0b822e574f8101b9cd28255e85c39c08b2f58ad | Triage

Resubmissions

03-12-2022 09:21

221203-lbt7maab78 10

03-12-2022 08:51

221203-kr5smahd78 10

Sharing

General

Target

691a39afe11e7f9d49332ca30a272708.exe
Size

2.0MB
Sample

221203-lbt7maab78
MD5

691a39afe11e7f9d49332ca30a272708
SHA1

c315bc96feae17e521e40b2f921ff8c7de29368d
SHA256

00693c43c36b65ecaae75389c0b822e574f8101b9cd28255e85c39c08b2f58ad
SHA512

fd02a05ca804ad380d6b51a7073eebd9bcaeb6f7eca13e9a19b49335ee992536ca7e5be78909f392960f085959dfa8134b25598d2e1f98ad06695baf879ff05d
SSDEEP

384:TZyMeHkYz/wpa9GP4Uy277YiKMMQglhOrl9D9O5UE5QzwBlpJNakkjh/TzF7pWnl:dekKR4gh2/YtwgAwvQO+2R+L

Score

10^/10

njrat windows sevice persistence trojan

Malware Config

Extracted

Family

njrat

Version

Njrat 0.7 Golden By Hassan Amiri

Botnet

Windows Sevice

C2

7.tcp.eu.ngrok.io:18458

Mutex

Windows Service

Attributes

reg_key
Windows Service
splitter
|Hassan|

Targets

- Target
  
  691a39afe11e7f9d49332ca30a272708.exe
- Size
  
  2.0MB
- MD5
  
  691a39afe11e7f9d49332ca30a272708
- SHA1
  
  c315bc96feae17e521e40b2f921ff8c7de29368d
- SHA256
  
  00693c43c36b65ecaae75389c0b822e574f8101b9cd28255e85c39c08b2f58ad
- SHA512
  
  fd02a05ca804ad380d6b51a7073eebd9bcaeb6f7eca13e9a19b49335ee992536ca7e5be78909f392960f085959dfa8134b25598d2e1f98ad06695baf879ff05d
- SSDEEP
  
  384:TZyMeHkYz/wpa9GP4Uy277YiKMMQglhOrl9D9O5UE5QzwBlpJNakkjh/TzF7pWnl:dekKR4gh2/YtwgAwvQO+2R+L
Score

10^/10

njrat windows sevice persistence trojan
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Adds Run key to start application
  persistence
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Peripheral Device Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

windows sevicenjrat

behavioral1

njratwindows sevicepersistencetrojan