njrat | 148c79dd5103bdcf29cd837d62806dab07dd41329b5b73f0a49cd0d0902e61d3 | Triage

Sharing

General

Target

46811c1d5ee6760733f363749071f92e.zip
Size

78KB
Sample

240831-lsdafaxerc
MD5

768684a286c29ad59f6d50a99f0479a4
SHA1

41b9f6fce260bedd3288268bf1b3870cfbb4cebf
SHA256

148c79dd5103bdcf29cd837d62806dab07dd41329b5b73f0a49cd0d0902e61d3
SHA512

1ed9000e8356ce587b3bafc36722ac58c0875477609c22ca907da27e7b8c5bc51662ae88050537a5c59e17bb67418fd09476be279db89e611aae5efb19fd0f80
SSDEEP

1536:2rklVCu9pZSx35K4zs+ck6/EBDNIiPEl0d+AGiHKmT:2wbt9w35TMMBDNI90qixT

Score

10^/10

njrat update discovery persistence trojan

Malware Config

Extracted

Family

njrat

Version

Njrat 0.7 Golden By Hassan Amiri

Botnet

Update

C2

194.34.132.153:1604

Mutex

Windows Update

Attributes

reg_key
Windows Update
splitter
|Hassan|

Targets

- Target
  
  15d12789262a679cbefc1b5c4df5432e0592e0b5013c484c82b3a61f524a1365
- Size
  
  127KB
- MD5
  
  46811c1d5ee6760733f363749071f92e
- SHA1
  
  2c10273e7f7b5be5b8b07c9188f07b44a450166c
- SHA256
  
  15d12789262a679cbefc1b5c4df5432e0592e0b5013c484c82b3a61f524a1365
- SHA512
  
  c278092003c4092ea8a5fd8037869a3c6b1ea284862e3da4389d94d2af28251e83be1946114b5d29220f6c27a115d1ff454f8b3fa13c095493a512fdfbee8c20
- SSDEEP
  
  3072:vTjUek9zjP62dkHEgitptSt+X9JvGdA0U3IZ0U+bZ0tm:vejPVkEgijt4OV+U3sJm
Score

10^/10

njrat update discovery persistence trojan
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

njratupdatediscoverypersistencetrojan

behavioral2

njratupdatediscoverypersistencetrojan