njrat | 52909f1bd69861ea6ec0c4ae47c7618825ef377c468bab8c52dbf228767e5a63 | Triage

Sharing

General

Target

ttt.exe
Size

68KB
Sample

240328-pgdcvacb9s
MD5

6c92268ae4054fe0d86843b9ffeaca23
SHA1

44b1eed12fe728f5271545992c429de1a3e5eff9
SHA256

52909f1bd69861ea6ec0c4ae47c7618825ef377c468bab8c52dbf228767e5a63
SHA512

69f5583186cc267e8fd9a6c96edfc5018441c43c1bea0e74b9232f249072b3309bc45fd9d8ea3813ef46109a095a4eee28657c901d80ae09393f870833900c97
SSDEEP

1536:EWCsUtzC6QQYPaaSYaOen7RL9d2Iq9srUKaPykvRxsHgY2CSIZioff9Qbqg:EWCJt26Aa5h9uDKaaLAYXSIZhff9Q+g

Score

10^/10

njrat test trojan

Malware Config

Extracted

Family

njrat

Version

<- NjRAT 0.7d Horror Edition ->

Botnet

test

C2

127.0.0.1:775

Mutex

7e6cfad0d1c91f6e165fe973f211f70d

Attributes

reg_key
7e6cfad0d1c91f6e165fe973f211f70d
splitter
Y262SUCZ4UJJ

Targets

- Target
  
  ttt.exe
- Size
  
  68KB
- MD5
  
  6c92268ae4054fe0d86843b9ffeaca23
- SHA1
  
  44b1eed12fe728f5271545992c429de1a3e5eff9
- SHA256
  
  52909f1bd69861ea6ec0c4ae47c7618825ef377c468bab8c52dbf228767e5a63
- SHA512
  
  69f5583186cc267e8fd9a6c96edfc5018441c43c1bea0e74b9232f249072b3309bc45fd9d8ea3813ef46109a095a4eee28657c901d80ae09393f870833900c97
- SSDEEP
  
  1536:EWCsUtzC6QQYPaaSYaOen7RL9d2Iq9srUKaPykvRxsHgY2CSIZioff9Qbqg:EWCJt26Aa5h9uDKaaLAYXSIZhff9Q+g
Score

10^/10

njrat test trojan
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- Drops file in System32 directory
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

Peripheral Device Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

njrattesttrojan