njrat | 366d60251a3ba0996a4fefb2930fe9c7e46eb47560c92f416a5c5cf3f2413a8b | Triage

Sharing

General

Target

bab848aa4e4a97ddcb2f7762e28cfba0N.exe
Size

337KB
Sample

240906-b4x4wazdnf
MD5

bab848aa4e4a97ddcb2f7762e28cfba0
SHA1

b337df5fcb2bf966c2d31f90976789069a9ac523
SHA256

366d60251a3ba0996a4fefb2930fe9c7e46eb47560c92f416a5c5cf3f2413a8b
SHA512

0be96090c9dbf631415306d350bf2d108bef1b0a41fcb1275a040d1a272bee060fa1806c5f138a1c4f08eec57a5b97ece17b5e874cf03a8810cc4b7595fff303
SSDEEP

3072:CnhgXz64wGDJgYfc0DV+1BIyLK5jZWlfXXqyYwi8x4Yfc09:kgXz6tCJ1+fIyG5jZkCwi8r

Score

10^/10

njrat discovery persistence trojan

Malware Config

Targets

- Target
  
  bab848aa4e4a97ddcb2f7762e28cfba0N.exe
- Size
  
  337KB
- MD5
  
  bab848aa4e4a97ddcb2f7762e28cfba0
- SHA1
  
  b337df5fcb2bf966c2d31f90976789069a9ac523
- SHA256
  
  366d60251a3ba0996a4fefb2930fe9c7e46eb47560c92f416a5c5cf3f2413a8b
- SHA512
  
  0be96090c9dbf631415306d350bf2d108bef1b0a41fcb1275a040d1a272bee060fa1806c5f138a1c4f08eec57a5b97ece17b5e874cf03a8810cc4b7595fff303
- SSDEEP
  
  3072:CnhgXz64wGDJgYfc0DV+1BIyLK5jZWlfXXqyYwi8x4Yfc09:kgXz6tCJ1+fIyG5jZkCwi8r
Score

10^/10

njrat discovery persistence trojan
- Adds autorun key to be loaded by Explorer.exe on startup
  persistence
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

njratdiscoverypersistencetrojan

behavioral2

njratdiscoverypersistencetrojan