njrat | 874b22d53f2f14d16d776f492a287e2f202d24a4ec9bb033b072ab44d94c4633 | Triage

Sharing

General

Target

874b22d53f2f14d16d776f492a287e2f202d24a4ec9bb033b072ab44d94c4633
Size

337KB
Sample

240902-a5xdasxera
MD5

5837b5ec8d9aa5c050199979305e323a
SHA1

5a2eac4f0b4017bbb4366e41e30d834710a7423e
SHA256

874b22d53f2f14d16d776f492a287e2f202d24a4ec9bb033b072ab44d94c4633
SHA512

273787c3677e5e298844702961fe97916b2a74919f67ee3084e0a034b050ff7805a94f8f17a8011a4d0eba6d5e2c745a549fcf4fab9682ff99d003f0e96116cb
SSDEEP

3072:ZwDMwVrn0FgYfc0DV+1BIyLK5jZWlfXXqyYwi8x4Yfc09:Ze0F1+fIyG5jZkCwi8r

Score

10^/10

njrat discovery persistence trojan

Malware Config

Targets

- Target
  
  874b22d53f2f14d16d776f492a287e2f202d24a4ec9bb033b072ab44d94c4633
- Size
  
  337KB
- MD5
  
  5837b5ec8d9aa5c050199979305e323a
- SHA1
  
  5a2eac4f0b4017bbb4366e41e30d834710a7423e
- SHA256
  
  874b22d53f2f14d16d776f492a287e2f202d24a4ec9bb033b072ab44d94c4633
- SHA512
  
  273787c3677e5e298844702961fe97916b2a74919f67ee3084e0a034b050ff7805a94f8f17a8011a4d0eba6d5e2c745a549fcf4fab9682ff99d003f0e96116cb
- SSDEEP
  
  3072:ZwDMwVrn0FgYfc0DV+1BIyLK5jZWlfXXqyYwi8x4Yfc09:Ze0F1+fIyG5jZkCwi8r
Score

10^/10

njrat discovery persistence trojan
- Adds autorun key to be loaded by Explorer.exe on startup
  persistence
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

njratdiscoverypersistencetrojan

behavioral2

njratdiscoverypersistencetrojan