njrat | 7d5316d01dfb4863c534812b7161084e5a9b52fa6d0426b7536ce85f34860845 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

bd5fdb2ca98d2d0aa2c515303e539360N.exe
Size

337KB
Sample

240806-r17f5svhlf
MD5

bd5fdb2ca98d2d0aa2c515303e539360
SHA1

af6754c49ab46fa8a2b882d74d957f63c21079f5
SHA256

7d5316d01dfb4863c534812b7161084e5a9b52fa6d0426b7536ce85f34860845
SHA512

d95a283fa51b0ecb406cf2fd59f7e67c90691a47dde3936424fa35f09e8dcc22e8fe62b8aae91dee0292992a6d29cf8a8de757dab2909426ef9f9e1039695423
SSDEEP

3072:lyrombgtggYfc0DV+1BIyLK5jZWlfXXqyYwi8x4Yfc09:womb2g1+fIyG5jZkCwi8r

Score

10^/10

njrat discovery persistence trojan

Malware Config

Targets

- Target
  
  bd5fdb2ca98d2d0aa2c515303e539360N.exe
- Size
  
  337KB
- MD5
  
  bd5fdb2ca98d2d0aa2c515303e539360
- SHA1
  
  af6754c49ab46fa8a2b882d74d957f63c21079f5
- SHA256
  
  7d5316d01dfb4863c534812b7161084e5a9b52fa6d0426b7536ce85f34860845
- SHA512
  
  d95a283fa51b0ecb406cf2fd59f7e67c90691a47dde3936424fa35f09e8dcc22e8fe62b8aae91dee0292992a6d29cf8a8de757dab2909426ef9f9e1039695423
- SSDEEP
  
  3072:lyrombgtggYfc0DV+1BIyLK5jZWlfXXqyYwi8x4Yfc09:womb2g1+fIyG5jZkCwi8r
Score

10^/10

njrat discovery persistence trojan
- Adds autorun key to be loaded by Explorer.exe on startup
  persistence
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

njratdiscoverypersistencetrojan

behavioral2

njratdiscoverypersistencetrojan