njrat | 167aaecaade260352f23b4994b27df77a902b5a74d52acf1bf08ca75902e8cf9 | Triage

Sharing

General

Target

35c78e7828d3a5eca1d33ca33149ad70_NeikiAnalytics
Size

337KB
Sample

240514-18gecsbg33
MD5

35c78e7828d3a5eca1d33ca33149ad70
SHA1

eed26d175d925d4d814472abbd648efb88e6d40f
SHA256

167aaecaade260352f23b4994b27df77a902b5a74d52acf1bf08ca75902e8cf9
SHA512

63b65ba443820ffc6d54a58c5a1ec807d2eee20cd0858525c1998edf59077aa3c451e950ef559c2eca665ac71bcb5474cd0c91aecdbc437547b4a8d490877f1f
SSDEEP

3072:gYF0rA1l7Nz6ZvsW/rPKtgYfc0DV+1BIyLK5jZWlfXXqyYwi8x4Yfc09:FnRz6ZvsAit1+fIyG5jZkCwi8r

Score

10^/10

njrat persistence trojan

Malware Config

Targets

- Target
  
  35c78e7828d3a5eca1d33ca33149ad70_NeikiAnalytics
- Size
  
  337KB
- MD5
  
  35c78e7828d3a5eca1d33ca33149ad70
- SHA1
  
  eed26d175d925d4d814472abbd648efb88e6d40f
- SHA256
  
  167aaecaade260352f23b4994b27df77a902b5a74d52acf1bf08ca75902e8cf9
- SHA512
  
  63b65ba443820ffc6d54a58c5a1ec807d2eee20cd0858525c1998edf59077aa3c451e950ef559c2eca665ac71bcb5474cd0c91aecdbc437547b4a8d490877f1f
- SSDEEP
  
  3072:gYF0rA1l7Nz6ZvsW/rPKtgYfc0DV+1BIyLK5jZWlfXXqyYwi8x4Yfc09:FnRz6ZvsAit1+fIyG5jZkCwi8r
Score

10^/10

njrat persistence trojan
- Adds autorun key to be loaded by Explorer.exe on startup
  persistence
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

njratpersistencetrojan

behavioral2

njratpersistencetrojan