njrat | 3630851a5d5de243e78f2cf5b4391b9b8850690a70793b0a7eb6a94c3de12cb5 | Triage

Sharing

General

Target

43a67a5f67175a9d05ff7441bfe50670N.exe
Size

337KB
Sample

240831-ycmv6a1gle
MD5

43a67a5f67175a9d05ff7441bfe50670
SHA1

a5a805b9ea7b15d04af8b2d6d2b0375d5c9e4c7e
SHA256

3630851a5d5de243e78f2cf5b4391b9b8850690a70793b0a7eb6a94c3de12cb5
SHA512

041f3e9622faa082de410aca4850aaa1d8125aeb6133d2d687ec562dd6567af0ed9396ac8fccd8a2d603071f3ab459e3397757eee0424ba9d9e9de4644f0c243
SSDEEP

3072:eoKgZxi3MpnrBegYfc0DV+1BIyLK5jZWlfXXqyYwi8x4Yfc09:+gni38rBe1+fIyG5jZkCwi8r

Score

10^/10

njrat discovery persistence trojan

Malware Config

Targets

- Target
  
  43a67a5f67175a9d05ff7441bfe50670N.exe
- Size
  
  337KB
- MD5
  
  43a67a5f67175a9d05ff7441bfe50670
- SHA1
  
  a5a805b9ea7b15d04af8b2d6d2b0375d5c9e4c7e
- SHA256
  
  3630851a5d5de243e78f2cf5b4391b9b8850690a70793b0a7eb6a94c3de12cb5
- SHA512
  
  041f3e9622faa082de410aca4850aaa1d8125aeb6133d2d687ec562dd6567af0ed9396ac8fccd8a2d603071f3ab459e3397757eee0424ba9d9e9de4644f0c243
- SSDEEP
  
  3072:eoKgZxi3MpnrBegYfc0DV+1BIyLK5jZWlfXXqyYwi8x4Yfc09:+gni38rBe1+fIyG5jZkCwi8r
Score

10^/10

njrat discovery persistence trojan
- Adds autorun key to be loaded by Explorer.exe on startup
  persistence
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

njratdiscoverypersistencetrojan

behavioral2

njratdiscoverypersistencetrojan