njrat | e29c24dabaa6b74251eacc2e44696866e4a6e2b3fdda5b1dd8f3b2ecbe22ef30 | Triage

Sharing

General

Target

NEAS.645550c42c7ebdd91141943376998910.exe
Size

337KB
Sample

231103-nvfvfshe7v
MD5

645550c42c7ebdd91141943376998910
SHA1

3de61240a44d9f5a7041d190cc120dad451d58a2
SHA256

e29c24dabaa6b74251eacc2e44696866e4a6e2b3fdda5b1dd8f3b2ecbe22ef30
SHA512

309701f1a3667966b589c0b4f8e11adc8b72b21050bdf0f215c83a6553e6a98fa16c8c05d93144a8b1916986a7c9517899b1786d531671ff92f319f6cd54f5fb
SSDEEP

3072:Ay4yv9H5xlwLvLLFFFoIhWjvgYfc0DV+1BIyLK5jZWlfXXqyYwi8x4Yfc09:VHzlyGv1+fIyG5jZkCwi8r

Score

10^/10

njrat persistence trojan

Malware Config

Targets

- Target
  
  NEAS.645550c42c7ebdd91141943376998910.exe
- Size
  
  337KB
- MD5
  
  645550c42c7ebdd91141943376998910
- SHA1
  
  3de61240a44d9f5a7041d190cc120dad451d58a2
- SHA256
  
  e29c24dabaa6b74251eacc2e44696866e4a6e2b3fdda5b1dd8f3b2ecbe22ef30
- SHA512
  
  309701f1a3667966b589c0b4f8e11adc8b72b21050bdf0f215c83a6553e6a98fa16c8c05d93144a8b1916986a7c9517899b1786d531671ff92f319f6cd54f5fb
- SSDEEP
  
  3072:Ay4yv9H5xlwLvLLFFFoIhWjvgYfc0DV+1BIyLK5jZWlfXXqyYwi8x4Yfc09:VHzlyGv1+fIyG5jZkCwi8r
Score

10^/10

njrat persistence trojan
- Adds autorun key to be loaded by Explorer.exe on startup
  persistence
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

njratpersistencetrojan

behavioral2

njratpersistencetrojan