njrat | ee09aa8f39c99bdc08e72374939b582580ab0d277f72938b2b7be2d8ae136cfe | Triage

Sharing

General

Target

NEAS.b46e4fbfba7a10fae924c6b2d0ffe490.exe
Size

337KB
Sample

231014-xt7q8agh64
MD5

b46e4fbfba7a10fae924c6b2d0ffe490
SHA1

71a3044707da47aeb8dff00fb954f6cbbd51e7a1
SHA256

ee09aa8f39c99bdc08e72374939b582580ab0d277f72938b2b7be2d8ae136cfe
SHA512

07be9618285d74150ec440209c0f27812bc13531e31b7d52fc776935349ee144772cb05ac9b70b7b876b920d07192eea35de14a1538bb65a534b74899d2ed485
SSDEEP

3072:9rLxDR+6SkWygYfc0DV+1BIyLK5jZWlfXXqyYwi8x4Yfc09:959SLy1+fIyG5jZkCwi8r

Score

10^/10

njrat persistence trojan

Malware Config

Targets

- Target
  
  NEAS.b46e4fbfba7a10fae924c6b2d0ffe490.exe
- Size
  
  337KB
- MD5
  
  b46e4fbfba7a10fae924c6b2d0ffe490
- SHA1
  
  71a3044707da47aeb8dff00fb954f6cbbd51e7a1
- SHA256
  
  ee09aa8f39c99bdc08e72374939b582580ab0d277f72938b2b7be2d8ae136cfe
- SHA512
  
  07be9618285d74150ec440209c0f27812bc13531e31b7d52fc776935349ee144772cb05ac9b70b7b876b920d07192eea35de14a1538bb65a534b74899d2ed485
- SSDEEP
  
  3072:9rLxDR+6SkWygYfc0DV+1BIyLK5jZWlfXXqyYwi8x4Yfc09:959SLy1+fIyG5jZkCwi8r
Score

10^/10

njrat persistence trojan
- Adds autorun key to be loaded by Explorer.exe on startup
  persistence
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

njratpersistencetrojan

behavioral2

njratpersistencetrojan