njrat | e9da56ffec737a23cb8ee44f6e81ad81612f19a77097cff42c46a561cb554c4c | Triage

Sharing

General

Target

e9da56ffec737a23cb8ee44f6e81ad81612f19a77097cff42c46a561cb554c4c
Size

12KB
Sample

240419-v1lffsbd4t
MD5

57780ebf4448344d3669dfe8e9bdb313
SHA1

403f04d344e28619bcba753949228ef5c596baed
SHA256

e9da56ffec737a23cb8ee44f6e81ad81612f19a77097cff42c46a561cb554c4c
SHA512

ddb300cd82a200de955a63d546f7b6d268946fde930a30fe0d3dcf656621093054197dcfbc0e2711fbd5d070ac967378ba9cf823cbd46850df3cfa9cf6de3acf
SSDEEP

384:3TxvLWd7G+aXaC+EtBrW+7W5OjJib3aHATdd6:3cJG+aXaC+KBirkJK3Ood8

Score

10^/10

njrat persistence trojan

Malware Config

Targets

- Target
  
  09df4341d6f961fe9ee80843d63bc6dbe630229eb4782faf068b3058ac91472e.exe
- Size
  
  36KB
- MD5
  
  76571b3e678fe0a8db4cdd6aa35332b9
- SHA1
  
  3296b8a534a74d462d01cb4502851710575bea2e
- SHA256
  
  09df4341d6f961fe9ee80843d63bc6dbe630229eb4782faf068b3058ac91472e
- SHA512
  
  383c7a0c3cce0fe2fce196456c014c6af55fb773cd9e81ee41f47e5073146b738363197f1659142e137d95326486088d8206c22ba920730a6ab676e20a3b8d7d
- SSDEEP
  
  384:RLd2LzreBCAuKiEZePC45SY2OzRLTm3yilqr6LZbdyvGj:RizrecPEZeK45SssCvGj
Score

10^/10

njrat persistence trojan
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- Adds Run key to start application
  persistence
- Legitimate hosting services abused for malware hosting/C2
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

njratpersistencetrojan

behavioral2

njratpersistencetrojan