njrat | 014f0d19ffeff49332c29c1c4edf16523928c822857fbde256d6da21bf6424e8 | Triage

Sharing

General

Target

rat.exe
Size

64KB
Sample

230728-k91avscf65
MD5

8aa7c1cb0920d957870c48e543c8d0b5
SHA1

a7ed7edffeb04b786617b28f7ffde11a84f4f855
SHA256

014f0d19ffeff49332c29c1c4edf16523928c822857fbde256d6da21bf6424e8
SHA512

7e5f9b77d1a97252b8d388bf42233649a9ecfb6ab6f41dd7756eab5c595c19e34673a670a0cc474e62cd3df0a1906eeb8dd500569dfad058680cd0eff3a509a1
SSDEEP

1536:TvDmGXoN36tcQviFw1WeHpYBnvbWfLteF3nLrB9z3nGaF9bUS9vM:TLmGXoN36tcQviFCbHCBn6fWl9zWaF9

Score

10^/10

njrat mybot trojan

Malware Config

Extracted

Family

njrat

Version

Platinum

Botnet

MyBot

C2

127.0.0.1:54077

Mutex

steamwebhelper.exe

Attributes

reg_key
steamwebhelper.exe
splitter
|Ghost|

Targets

- Target
  
  rat.exe
- Size
  
  64KB
- MD5
  
  8aa7c1cb0920d957870c48e543c8d0b5
- SHA1
  
  a7ed7edffeb04b786617b28f7ffde11a84f4f855
- SHA256
  
  014f0d19ffeff49332c29c1c4edf16523928c822857fbde256d6da21bf6424e8
- SHA512
  
  7e5f9b77d1a97252b8d388bf42233649a9ecfb6ab6f41dd7756eab5c595c19e34673a670a0cc474e62cd3df0a1906eeb8dd500569dfad058680cd0eff3a509a1
- SSDEEP
  
  1536:TvDmGXoN36tcQviFw1WeHpYBnvbWfLteF3nLrB9z3nGaF9bUS9vM:TLmGXoN36tcQviFCbHCBn6fWl9zWaF9
Score

10^/10

njrat mybot trojan
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Legitimate hosting services abused for malware hosting/C2
behavioral1

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Scheduled Task/Job

Persistence

Scheduled Task/Job

Privilege Escalation

Scheduled Task/Job

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Peripheral Device Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Web Service

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

njratmybottrojan