njrat | 161ac2f439eae6165af8090e8b6a1ca2180e16038af766a9337eb668cf134cab | Triage

Sharing

General

Target

RatClient.exe
Size

39KB
Sample

240901-z59fassalj
MD5

535183e6c2778357f5380a900e22a48e
SHA1

9a93b202f921fb8e8b477bf812befc5d74e2eab2
SHA256

161ac2f439eae6165af8090e8b6a1ca2180e16038af766a9337eb668cf134cab
SHA512

1b4aa4c83d89b112cbd813bc94bd1fa2bb99e76437d6b31f64fe5026d4a9ecc44125dcb6fecd417daa5a71869f774edafae81b96c65a93e538d11d04234ebb71
SSDEEP

768:wvhux8CPRPWROIfQpxybMGUOkKL2fA86TUg5WVTYdai6JuC:0O8CPNrI64opXZiUgo6EZb

Score

10^/10

njrat долбаеб persistence trojan

Malware Config

Extracted

Family

njrat

Version

Platinum

Botnet

долбаеб

C2

127.0.0.1:6636

Mutex

Client.exe

Attributes

reg_key
Client.exe
splitter
|Ghost|

Targets

- Target
  
  RatClient.exe
- Size
  
  39KB
- MD5
  
  535183e6c2778357f5380a900e22a48e
- SHA1
  
  9a93b202f921fb8e8b477bf812befc5d74e2eab2
- SHA256
  
  161ac2f439eae6165af8090e8b6a1ca2180e16038af766a9337eb668cf134cab
- SHA512
  
  1b4aa4c83d89b112cbd813bc94bd1fa2bb99e76437d6b31f64fe5026d4a9ecc44125dcb6fecd417daa5a71869f774edafae81b96c65a93e538d11d04234ebb71
- SSDEEP
  
  768:wvhux8CPRPWROIfQpxybMGUOkKL2fA86TUg5WVTYdai6JuC:0O8CPNrI64opXZiUgo6EZb
Score

10^/10

njrat долбаеб persistence trojan
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Executes dropped EXE
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Scheduled Task

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Scheduled Task/Job

Scheduled Task

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

njratдолбаебpersistencetrojan

behavioral2

njratдолбаебpersistencetrojan