njrat | 0b7123b2792673039dbffa03db0b8da57e65b6bdb4ab10cef1972220530a6cd8 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

1524-57-0x0000000000310000-0x0000000000322000-memory.dmp
Size

72KB
Sample

230521-gy9hlsbb4s
MD5

947af0fdddda235ab1cf2c8735591204
SHA1

953efb0afa8e05295995b2f3b1ffb5f2771c28e6
SHA256

0b7123b2792673039dbffa03db0b8da57e65b6bdb4ab10cef1972220530a6cd8
SHA512

881f5f8ccd77466950994c7d07ab650d84dd3f2e7008a59cb5d3096db8b9502ba02e9d9edef2c7e7fefddd646089b68ead9eadcb21f6582d9029461b86879be8
SSDEEP

384:MZy1qFgpWoy7krZtEVOsMBIHAkHC9D9O5UE5QzwBlpJNakkjh/TzF7pWnLH3gree:qnWol70ZtGOKgcvQO+GHd+LGkF

Score

10^/10

njrat teste persistence trojan

Malware Config

Extracted

Family

njrat

Version

Njrat 0.7 Golden By Hassan Amiri

Botnet

teste

C2

0.tcp.ngrok.io:18236

Mutex

Windows Update

Attributes

reg_key
Windows Update
splitter
|Hassan|

Targets

- Target
  
  1524-57-0x0000000000310000-0x0000000000322000-memory.dmp
- Size
  
  72KB
- MD5
  
  947af0fdddda235ab1cf2c8735591204
- SHA1
  
  953efb0afa8e05295995b2f3b1ffb5f2771c28e6
- SHA256
  
  0b7123b2792673039dbffa03db0b8da57e65b6bdb4ab10cef1972220530a6cd8
- SHA512
  
  881f5f8ccd77466950994c7d07ab650d84dd3f2e7008a59cb5d3096db8b9502ba02e9d9edef2c7e7fefddd646089b68ead9eadcb21f6582d9029461b86879be8
- SSDEEP
  
  384:MZy1qFgpWoy7krZtEVOsMBIHAkHC9D9O5UE5QzwBlpJNakkjh/TzF7pWnLH3gree:qnWol70ZtGOKgcvQO+GHd+LGkF
Score

10^/10

njrat teste persistence trojan
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Executes dropped EXE
- Adds Run key to start application
  persistence
- Legitimate hosting services abused for malware hosting/C2
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scheduled Task

Persistence

Registry Run Keys / Startup Folder

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Modify Registry

Web Service

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

njrattestepersistencetrojan

behavioral2

njrattestepersistencetrojan