njrat | 4c0f3b5453809a6eec5133d2f723fb1cecd88cdea333788d388c6bc136a6cff6 | Triage

Sharing

General

Target

ttt_protected.exe
Size

92KB
Sample

240328-pg1s5saa47
MD5

a7c8e90e9c06625f808a6f6e5fe4775b
SHA1

ff6749f20753f44ed73ab6b36789d820c0b624e9
SHA256

4c0f3b5453809a6eec5133d2f723fb1cecd88cdea333788d388c6bc136a6cff6
SHA512

b1000d51951d9dc1586154e677f537c1acec6f24e862e68fb955189b27d3afd05a000cc5f39d93e622551b997df0bd990135431206aa142a8252661497bf0025
SSDEEP

1536:PgVsUtzC6QQYPaaSYaOen7RL9d2Iq9srUKaPykvRxsHgY2CSIZing9DbgcWqdaoj:PgVJt26Aa5h9uDKaaLAYXSIZPxbgcWqf

Score

10^/10

njrat test trojan

Malware Config

Extracted

Family

njrat

Version

<- NjRAT 0.7d Horror Edition ->

Botnet

test

C2

127.0.0.1:775

Mutex

7e6cfad0d1c91f6e165fe973f211f70d

Attributes

reg_key
7e6cfad0d1c91f6e165fe973f211f70d
splitter
Y262SUCZ4UJJ

Targets

- Target
  
  ttt_protected.exe
- Size
  
  92KB
- MD5
  
  a7c8e90e9c06625f808a6f6e5fe4775b
- SHA1
  
  ff6749f20753f44ed73ab6b36789d820c0b624e9
- SHA256
  
  4c0f3b5453809a6eec5133d2f723fb1cecd88cdea333788d388c6bc136a6cff6
- SHA512
  
  b1000d51951d9dc1586154e677f537c1acec6f24e862e68fb955189b27d3afd05a000cc5f39d93e622551b997df0bd990135431206aa142a8252661497bf0025
- SSDEEP
  
  1536:PgVsUtzC6QQYPaaSYaOen7RL9d2Iq9srUKaPykvRxsHgY2CSIZing9DbgcWqdaoj:PgVJt26Aa5h9uDKaaLAYXSIZPxbgcWqf
Score

10^/10

njrat test trojan
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- Drops file in System32 directory
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

Peripheral Device Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

njrattesttrojan