njrat | 62903cdbc89eeadf93d8f7e794af22d4ef9ab0e8178dffce29ee99ea39243717 | Triage

Sharing

General

Target

ea3b84fad1d89821f40e392cb44a2e20N.exe
Size

65KB
Sample

240830-gck8wszgrj
MD5

ea3b84fad1d89821f40e392cb44a2e20
SHA1

0ce9053434d3ddac9c55cb15c87f4644e2b802d5
SHA256

62903cdbc89eeadf93d8f7e794af22d4ef9ab0e8178dffce29ee99ea39243717
SHA512

aba531679daded771669fe0b0bd82cc79d55af9406a98b3863886db2cb71c35af3c4680f45e71365245057377e591cf85868640400361ad43aeae40d0f7904ed
SSDEEP

1536:vB4166DoN36tfQviFw1LsMauQsBnvb6fLteF3nLrB9z3nDaF9b5S9vM:vq166DoN36tfQviFCLX/BnGfWl9zTaFn

Score

10^/10

njrat hacked discovery persistence trojan

Malware Config

Extracted

Family

njrat

Version

Platinum

Botnet

HacKed

C2

127.0.0.1:19079

Mutex

Client.exe

Attributes

reg_key
Client.exe
splitter
|Ghost|

Targets

- Target
  
  ea3b84fad1d89821f40e392cb44a2e20N.exe
- Size
  
  65KB
- MD5
  
  ea3b84fad1d89821f40e392cb44a2e20
- SHA1
  
  0ce9053434d3ddac9c55cb15c87f4644e2b802d5
- SHA256
  
  62903cdbc89eeadf93d8f7e794af22d4ef9ab0e8178dffce29ee99ea39243717
- SHA512
  
  aba531679daded771669fe0b0bd82cc79d55af9406a98b3863886db2cb71c35af3c4680f45e71365245057377e591cf85868640400361ad43aeae40d0f7904ed
- SSDEEP
  
  1536:vB4166DoN36tfQviFw1LsMauQsBnvb6fLteF3nLrB9z3nDaF9b5S9vM:vq166DoN36tfQviFCLX/BnGfWl9zTaFn
Score

10^/10

njrat hacked discovery persistence trojan
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- Drops startup file
- Executes dropped EXE
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Scheduled Task

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Scheduled Task/Job

Scheduled Task

Defense Evasion

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

njrathackeddiscoverypersistencetrojan

behavioral2

njrathackeddiscoverypersistencetrojan