njrat | 71317973861d849b13d1b05269d7b57335d5ce60d03f17b107d11ef46b003398 | Triage

Sharing

General

Target

Payload.exe
Size

55KB
Sample

240526-v1p4msea4s
MD5

d1234a5f973ce744963c57de35839f0a
SHA1

9f7c17536e275fcec7e80a068f16510e755dac24
SHA256

71317973861d849b13d1b05269d7b57335d5ce60d03f17b107d11ef46b003398
SHA512

4c6af121d863871d8af5e520015cb61f108c1ca50d14e475502424e4ae695e5b8ff38eb4e46c63cd090dd35d5af645e040d4d59672a6984afa5a3408ea2019d7
SSDEEP

1536:9wjs4DnAN7jytFADRwsNMDKXExI3pmPm:CI4DnA2PADRwsNMDKXExI3pm

Score

10^/10

njrat victim trojan

Malware Config

Extracted

Family

njrat

Version

<- NjRAT 0.7d Horror Edition ->

Botnet

Victim

C2

6.tcp.eu.ngrok.io:17680

Mutex

058b53f3403530f13e9d7658b9e90870

Attributes

reg_key
058b53f3403530f13e9d7658b9e90870
splitter
Y262SUCZ4UJJ

Targets

- Target
  
  Payload.exe
- Size
  
  55KB
- MD5
  
  d1234a5f973ce744963c57de35839f0a
- SHA1
  
  9f7c17536e275fcec7e80a068f16510e755dac24
- SHA256
  
  71317973861d849b13d1b05269d7b57335d5ce60d03f17b107d11ef46b003398
- SHA512
  
  4c6af121d863871d8af5e520015cb61f108c1ca50d14e475502424e4ae695e5b8ff38eb4e46c63cd090dd35d5af645e040d4d59672a6984afa5a3408ea2019d7
- SSDEEP
  
  1536:9wjs4DnAN7jytFADRwsNMDKXExI3pmPm:CI4DnA2PADRwsNMDKXExI3pm
Score

10^/10

njrat trojan
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- Legitimate hosting services abused for malware hosting/C2
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2