njrat | 351eb2e4b8322d6f7c303fa553061804b48ffd14cf505dd22da79ad6bc0c2eac | Triage

Sharing

General

Target

a73d1f3b6ff9a17cb996854fa9d2e9c0N.exe
Size

337KB
Sample

240716-md4phsxgjp
MD5

a73d1f3b6ff9a17cb996854fa9d2e9c0
SHA1

ab54f2e43761e103feab654d20ad5bbb239620e1
SHA256

351eb2e4b8322d6f7c303fa553061804b48ffd14cf505dd22da79ad6bc0c2eac
SHA512

2d4064b0e0983cb7ccb48791c2daa4ba61e74419b71c7faca646a60a72f4cc6c5fb33103cd58eb8acbda4e9b1ced2dd4ae4a55094bb407de12b6c2cd69e64eab
SSDEEP

3072:4HT2ijxbHR05/JTgYfc0DV+1BIyLK5jZWlfXXqyYwi8x4Yfc09:oT2uxbi5/JT1+fIyG5jZkCwi8r

Score

10^/10

njrat persistence trojan

Malware Config

Targets

- Target
  
  a73d1f3b6ff9a17cb996854fa9d2e9c0N.exe
- Size
  
  337KB
- MD5
  
  a73d1f3b6ff9a17cb996854fa9d2e9c0
- SHA1
  
  ab54f2e43761e103feab654d20ad5bbb239620e1
- SHA256
  
  351eb2e4b8322d6f7c303fa553061804b48ffd14cf505dd22da79ad6bc0c2eac
- SHA512
  
  2d4064b0e0983cb7ccb48791c2daa4ba61e74419b71c7faca646a60a72f4cc6c5fb33103cd58eb8acbda4e9b1ced2dd4ae4a55094bb407de12b6c2cd69e64eab
- SSDEEP
  
  3072:4HT2ijxbHR05/JTgYfc0DV+1BIyLK5jZWlfXXqyYwi8x4Yfc09:oT2uxbi5/JT1+fIyG5jZkCwi8r
Score

10^/10

njrat persistence trojan
- Adds autorun key to be loaded by Explorer.exe on startup
  persistence
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

njratpersistencetrojan

behavioral2

njratpersistencetrojan