njrat | 8102c94006b56c6f7ce4868615b4ae2a8f903cdd02a4539cc16c4453433041f1 | Triage

Sharing

General

Target

c2236c9104ae6e234943ed8f99b42350N.exe
Size

337KB
Sample

240725-my4j9axemd
MD5

c2236c9104ae6e234943ed8f99b42350
SHA1

62ff67d34625a6ae959ff92ef5fb00fe5d0518ea
SHA256

8102c94006b56c6f7ce4868615b4ae2a8f903cdd02a4539cc16c4453433041f1
SHA512

377a07cb6e1047e9ff85ffdb2c862df2a81ddf51bab81465b316d338f860cac442e1e1e25a0850c33f5a47b304c32daceb6f5306d127ed36c492ffd584890ffa
SSDEEP

3072:jD2FNAF8kEoWjOkgYfc0DV+1BIyLK5jZWlfXXqyYwi8x4Yfc09:GFNkE3jOk1+fIyG5jZkCwi8r

Score

10^/10

njrat discovery persistence trojan

Malware Config

Targets

- Target
  
  c2236c9104ae6e234943ed8f99b42350N.exe
- Size
  
  337KB
- MD5
  
  c2236c9104ae6e234943ed8f99b42350
- SHA1
  
  62ff67d34625a6ae959ff92ef5fb00fe5d0518ea
- SHA256
  
  8102c94006b56c6f7ce4868615b4ae2a8f903cdd02a4539cc16c4453433041f1
- SHA512
  
  377a07cb6e1047e9ff85ffdb2c862df2a81ddf51bab81465b316d338f860cac442e1e1e25a0850c33f5a47b304c32daceb6f5306d127ed36c492ffd584890ffa
- SSDEEP
  
  3072:jD2FNAF8kEoWjOkgYfc0DV+1BIyLK5jZWlfXXqyYwi8x4Yfc09:GFNkE3jOk1+fIyG5jZkCwi8r
Score

10^/10

njrat discovery persistence trojan
- Adds autorun key to be loaded by Explorer.exe on startup
  persistence
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

njratdiscoverypersistencetrojan

behavioral2

njratdiscoverypersistencetrojan