njrat | ea5e688302e42146444b9ae29e5479f2f70280698068729beb09b5235d8b3c0f | Triage

Sharing

General

Target

eced8861719a59055754387fcf363a10N.exe
Size

337KB
Sample

240906-xjc4vsshkc
MD5

eced8861719a59055754387fcf363a10
SHA1

b2040f1304c23eb8ea537d9d03fe1988c489f462
SHA256

ea5e688302e42146444b9ae29e5479f2f70280698068729beb09b5235d8b3c0f
SHA512

3dc8baeaef6ec906bfbb6435c0b67c213fa359e4d612aeeb89e2c27466a343f1896365625161613a2e478563c3da49df346868b88825abe5230f8833d31c0fa6
SSDEEP

3072:R7L/2kHnizV3hFgYfc0DV+1BIyLK5jZWlfXXqyYwi8x4Yfc09:RvtHiB3r1+fIyG5jZkCwi8r

Score

10^/10

njrat discovery persistence trojan

Malware Config

Targets

- Target
  
  eced8861719a59055754387fcf363a10N.exe
- Size
  
  337KB
- MD5
  
  eced8861719a59055754387fcf363a10
- SHA1
  
  b2040f1304c23eb8ea537d9d03fe1988c489f462
- SHA256
  
  ea5e688302e42146444b9ae29e5479f2f70280698068729beb09b5235d8b3c0f
- SHA512
  
  3dc8baeaef6ec906bfbb6435c0b67c213fa359e4d612aeeb89e2c27466a343f1896365625161613a2e478563c3da49df346868b88825abe5230f8833d31c0fa6
- SSDEEP
  
  3072:R7L/2kHnizV3hFgYfc0DV+1BIyLK5jZWlfXXqyYwi8x4Yfc09:RvtHiB3r1+fIyG5jZkCwi8r
Score

10^/10

njrat discovery persistence trojan
- Adds autorun key to be loaded by Explorer.exe on startup
  persistence
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

njratdiscoverypersistencetrojan

behavioral2

njratdiscoverypersistencetrojan