njrat | f19462db16c63e8c26095f8ee024340649e0b2cb26a9ba9d08691b6d01e4f2be | Triage

Sharing

General

Target

c000b245272ad81b74958689e4b3352e
Size

166KB
Sample

240311-gjsasadf5z
MD5

c000b245272ad81b74958689e4b3352e
SHA1

ce74042c88b852c6a5b00186096f0ce42afc38b6
SHA256

f19462db16c63e8c26095f8ee024340649e0b2cb26a9ba9d08691b6d01e4f2be
SHA512

f9b3f811a4be2bee356d9265d15a20a00d41b4a5933d8ab5adcf683ce23cab0ac0b6a7cbdbc97abb509385082aa038d11f1b4f8e502f61e6a42535bbd4df155c
SSDEEP

3072:Z6EsOoG2OGyjn37WIMnhHXmhRZkIQQZ9ophBCvD9hsbVhjv5:PsOotKeIMnimk+EIb5

Score

10^/10

njrat vjw0rm succeed persistence trojan worm

Malware Config

Extracted

Family

njrat

Version

0.7.3

Botnet

SUCCEED

C2

194.5.97.156:7654

Mutex

Client.exe

Attributes

reg_key
Client.exe
splitter
0149266241@@@

Targets

- Target
  
  c000b245272ad81b74958689e4b3352e
- Size
  
  166KB
- MD5
  
  c000b245272ad81b74958689e4b3352e
- SHA1
  
  ce74042c88b852c6a5b00186096f0ce42afc38b6
- SHA256
  
  f19462db16c63e8c26095f8ee024340649e0b2cb26a9ba9d08691b6d01e4f2be
- SHA512
  
  f9b3f811a4be2bee356d9265d15a20a00d41b4a5933d8ab5adcf683ce23cab0ac0b6a7cbdbc97abb509385082aa038d11f1b4f8e502f61e6a42535bbd4df155c
- SSDEEP
  
  3072:Z6EsOoG2OGyjn37WIMnhHXmhRZkIQQZ9ophBCvD9hsbVhjv5:PsOotKeIMnimk+EIb5
Score

10^/10

njrat vjw0rm succeed persistence trojan worm
- Vjw0rm
  Vjw0rm is a remote access trojan written in JavaScript.
  trojan worm vjw0rm
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Executes dropped EXE
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Scheduled Task/Job

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Scheduled Task/Job

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

njratvjw0rmsucceedpersistencetrojanworm

behavioral2

vjw0rmpersistencetrojanworm