njrat | 161ead6b56b5942aa9505d8e82a4082ac07ee131277f27f51f066ffba4b5ed82 | Triage

Sharing

General

Target

ed304b066eb91147920dcaeae30aea60N.exe
Size

337KB
Sample

240902-ck5kaazcrc
MD5

ed304b066eb91147920dcaeae30aea60
SHA1

ad1c2e2edcbf90f7e4a9ad833943d8db02424670
SHA256

161ead6b56b5942aa9505d8e82a4082ac07ee131277f27f51f066ffba4b5ed82
SHA512

a43791d1aa2c8e0d67a4a6162369c9700de49186494fe8c2351c14a15f15ad37d67029038558a79a739197cccfd9cee4f037098c2facd015f66f9d7dd4ac1761
SSDEEP

3072:LMFQMtXWIxJBgYfc0DV+1BIyLK5jZWlfXXqyYwi8x4Yfc09:mFtX5B1+fIyG5jZkCwi8r

Score

10^/10

njrat discovery persistence trojan

Malware Config

Targets

- Target
  
  ed304b066eb91147920dcaeae30aea60N.exe
- Size
  
  337KB
- MD5
  
  ed304b066eb91147920dcaeae30aea60
- SHA1
  
  ad1c2e2edcbf90f7e4a9ad833943d8db02424670
- SHA256
  
  161ead6b56b5942aa9505d8e82a4082ac07ee131277f27f51f066ffba4b5ed82
- SHA512
  
  a43791d1aa2c8e0d67a4a6162369c9700de49186494fe8c2351c14a15f15ad37d67029038558a79a739197cccfd9cee4f037098c2facd015f66f9d7dd4ac1761
- SSDEEP
  
  3072:LMFQMtXWIxJBgYfc0DV+1BIyLK5jZWlfXXqyYwi8x4Yfc09:mFtX5B1+fIyG5jZkCwi8r
Score

10^/10

njrat discovery persistence trojan
- Adds autorun key to be loaded by Explorer.exe on startup
  persistence
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

njratdiscoverypersistencetrojan

behavioral2

njratdiscoverypersistencetrojan