njrat | ea78e84b66500f8387f6acbdb0c6daee5fabc441601b16f89e96369f2a27f28f | Triage

Sharing

General

Target

ea78e84b66500f8387f6acbdb0c6daee5fabc441601b16f89e96369f2a27f28f
Size

337KB
Sample

240420-e1zebahb9t
MD5

d4d41d8698a2db804b24031ab74a78c5
SHA1

8952b815724d5d0b346afcbd78aeaa720d9148d3
SHA256

ea78e84b66500f8387f6acbdb0c6daee5fabc441601b16f89e96369f2a27f28f
SHA512

b806d6e13eec57c0b1e911d2c9110c267d38ea2afffbad5c3eb9f49ab0f67760cee4b2fe8c5c6a402cef0633dc62d4cde6e2fa97fe3fdf43e2c25b2334d9662e
SSDEEP

3072:bRtCqW22UNsDQloeJgYfc0DV+1BIyLK5jZWlfXXqyYwi8x4Yfc09:bfJsPQlJJ1+fIyG5jZkCwi8r

Score

10^/10

njrat persistence trojan

Malware Config

Targets

- Target
  
  ea78e84b66500f8387f6acbdb0c6daee5fabc441601b16f89e96369f2a27f28f
- Size
  
  337KB
- MD5
  
  d4d41d8698a2db804b24031ab74a78c5
- SHA1
  
  8952b815724d5d0b346afcbd78aeaa720d9148d3
- SHA256
  
  ea78e84b66500f8387f6acbdb0c6daee5fabc441601b16f89e96369f2a27f28f
- SHA512
  
  b806d6e13eec57c0b1e911d2c9110c267d38ea2afffbad5c3eb9f49ab0f67760cee4b2fe8c5c6a402cef0633dc62d4cde6e2fa97fe3fdf43e2c25b2334d9662e
- SSDEEP
  
  3072:bRtCqW22UNsDQloeJgYfc0DV+1BIyLK5jZWlfXXqyYwi8x4Yfc09:bfJsPQlJJ1+fIyG5jZkCwi8r
Score

10^/10

njrat persistence trojan
- Adds autorun key to be loaded by Explorer.exe on startup
  persistence
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

njratpersistencetrojan

behavioral2

njratpersistencetrojan