njrat | 05800bdef0d7b8f44dc75059371f671307e96b3442739c0b13f528d4ae7e08d2 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

20be24c90426c82034fafecbf1c96147.bin
Size

17KB
Sample

240615-bhq4fatdpc
MD5

64506852f91e56b21960f4e6c33b09bc
SHA1

ed6a038983de8ca52362b7dbe6ee46cb99c2f0b7
SHA256

05800bdef0d7b8f44dc75059371f671307e96b3442739c0b13f528d4ae7e08d2
SHA512

6091adf68448c956ecd12b9bc5aef8538a6462640d79d0443059b69fa622feeabc7308334d77567126fdea1e5560692db2edc0c55112b2367ae1947aaa654798
SSDEEP

384:TuX2+F805B1eaOkRjGwQK1FCyL1dGvUZbm2Pao5t/C:TJYIFKGWGiyoTC

Score

10^/10

njrat hacked persistence trojan

Malware Config

Extracted

Family

njrat

Version

Njrat 0.7 Golden By Hassan Amiri

Botnet

HacKed

C2

0.tcp.eu.ngrok.io:10942

Mutex

Windows Update

Attributes

reg_key
Windows Update
splitter
|Hassan|

Targets

- Target
  
  80b7e96fc227f23824e4e964d2eedfb030fb4ca43e356d5602a8f65e838488ca.exe
- Size
  
  43KB
- MD5
  
  20be24c90426c82034fafecbf1c96147
- SHA1
  
  c315c20c97014edd96074b2322461cc3eb324720
- SHA256
  
  80b7e96fc227f23824e4e964d2eedfb030fb4ca43e356d5602a8f65e838488ca
- SHA512
  
  797dfdbdefa9de5e966499b800a8a31c648207453ce7e1340c99c5feb6522d567db5a36c5de26e66848799abc86aeba9ae21e4b7dc6eb4d327c84c8c74888da2
- SSDEEP
  
  384:S8ZyCFgyCEFmVoyblVM38K0EBEzMghwzEIij+ZsNO3PlpJKkkjh/TzF7pWn2/grq:S6TFgyVAVlbb2fOQgQuXQ/oz/+L
Score

10^/10

njrat hacked persistence trojan
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- Drops startup file
- Executes dropped EXE
- Adds Run key to start application
  persistence
- Legitimate hosting services abused for malware hosting/C2
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Scheduled Task/Job

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Scheduled Task/Job

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

njrathackedpersistencetrojan

behavioral2

njrathackedpersistencetrojan