njrat | 3b113e3dc02b46f26d3d6e4cf37299519c222773543491b477986ccd977ee061 | Triage

Sharing

General

Target

3b113e3dc02b46f26d3d6e4cf37299519c222773543491b477986ccd977ee061
Size

337KB
Sample

240831-y8m6sstepp
MD5

8b04472801e70a634d58823e193e9f01
SHA1

02d56603100b8ad51b1216f8f43223ff798a21b8
SHA256

3b113e3dc02b46f26d3d6e4cf37299519c222773543491b477986ccd977ee061
SHA512

ec731d6ba8958368f8a86e890d150eab2c83e84bd1cf5ebe38cfb1c9308767846ba700b2365f1bcf34944e505825944a21a436c93658206dd5b8bc62b412c0f9
SSDEEP

3072:SFoEgbtO2/Ys/gYfc0DV+1BIyLK5jZWlfXXqyYwi8x4Yfc09:S3gBO2/Ys/1+fIyG5jZkCwi8r

Score

10^/10

njrat discovery persistence trojan

Malware Config

Targets

- Target
  
  3b113e3dc02b46f26d3d6e4cf37299519c222773543491b477986ccd977ee061
- Size
  
  337KB
- MD5
  
  8b04472801e70a634d58823e193e9f01
- SHA1
  
  02d56603100b8ad51b1216f8f43223ff798a21b8
- SHA256
  
  3b113e3dc02b46f26d3d6e4cf37299519c222773543491b477986ccd977ee061
- SHA512
  
  ec731d6ba8958368f8a86e890d150eab2c83e84bd1cf5ebe38cfb1c9308767846ba700b2365f1bcf34944e505825944a21a436c93658206dd5b8bc62b412c0f9
- SSDEEP
  
  3072:SFoEgbtO2/Ys/gYfc0DV+1BIyLK5jZWlfXXqyYwi8x4Yfc09:S3gBO2/Ys/1+fIyG5jZkCwi8r
Score

10^/10

njrat discovery persistence trojan
- Adds autorun key to be loaded by Explorer.exe on startup
  persistence
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

njratdiscoverypersistencetrojan

behavioral2

njratdiscoverypersistencetrojan