njrat | 09b1244ffa65451751d8b90c7853de52deeb64b977978b30d79147fef1235772 | Triage

Resubmissions

23-05-2024 18:27

240523-w3rwpabg71 10

Sharing

General

Target

09b1244ffa65451751d8b90c7853de52deeb64b977978b30d79147fef1235772
Size

337KB
Sample

240523-w3rwpabg71
MD5

a305932576371ff8a142a9ea4f25edf0
SHA1

db746a739992bfd2bbff4265b2c5c804c46bf178
SHA256

09b1244ffa65451751d8b90c7853de52deeb64b977978b30d79147fef1235772
SHA512

a56fe078442e3d7dcdfc4199172ebb04a5c619183efb3fb87b3103c99cc019566812e615e69a970784f7e3f1d4688a2a37c59fedaf6a77a7a25ff00f63326529
SSDEEP

3072:/6ff1Df5LXDbdPXgYfc0DV+1BIyLK5jZWlfXXqyYwi8x4Yfc09:/Gf5LzxX1+fIyG5jZkCwi8r

Score

10^/10

njrat persistence trojan

Malware Config

Targets

- Target
  
  09b1244ffa65451751d8b90c7853de52deeb64b977978b30d79147fef1235772
- Size
  
  337KB
- MD5
  
  a305932576371ff8a142a9ea4f25edf0
- SHA1
  
  db746a739992bfd2bbff4265b2c5c804c46bf178
- SHA256
  
  09b1244ffa65451751d8b90c7853de52deeb64b977978b30d79147fef1235772
- SHA512
  
  a56fe078442e3d7dcdfc4199172ebb04a5c619183efb3fb87b3103c99cc019566812e615e69a970784f7e3f1d4688a2a37c59fedaf6a77a7a25ff00f63326529
- SSDEEP
  
  3072:/6ff1Df5LXDbdPXgYfc0DV+1BIyLK5jZWlfXXqyYwi8x4Yfc09:/Gf5LzxX1+fIyG5jZkCwi8r
Score

10^/10

njrat persistence trojan
- Adds autorun key to be loaded by Explorer.exe on startup
  persistence
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

njratpersistencetrojan

behavioral2

njratpersistencetrojan