njrat | ec4cd327cf62d00bd67b54eb786c6e81af270fdc17d31d6861670aefdaa92ea1 | Triage

Sharing

General

Target

extrim.exe
Size

25KB
Sample

240907-wpnbcaxalp
MD5

e57942bcdcbea1e24f8eb91f28d941ed
SHA1

03a80129434d5721a1883f8cde5b89b94ded4026
SHA256

ec4cd327cf62d00bd67b54eb786c6e81af270fdc17d31d6861670aefdaa92ea1
SHA512

e6fa2f08b9d339b5de2483373891dad44e6b7ff832190770acabd005c1987acac2c22891b272a73861e86b2e7b65ca681e42774141023809beac46a6b6f7c422
SSDEEP

768:5vkgXF2UVmVknCwRRi7iEIk9Pm5huNR2R:ygQUVm4CwRRqD9PwuNR2R

Score

10^/10

njrat ??????? ??????? ??????? ?? ????persistence trojan

Malware Config

Extracted

Family

njrat

Version

Njrat 0.7 Golden By Hassan Amiri

Botnet

??????? ??????? ??????? ?? ????

C2

10.0.0.100:5552

Mutex

Windows Update

Attributes

reg_key
Windows Update
splitter
|Hassan|

Targets

- Target
  
  extrim.exe
- Size
  
  25KB
- MD5
  
  e57942bcdcbea1e24f8eb91f28d941ed
- SHA1
  
  03a80129434d5721a1883f8cde5b89b94ded4026
- SHA256
  
  ec4cd327cf62d00bd67b54eb786c6e81af270fdc17d31d6861670aefdaa92ea1
- SHA512
  
  e6fa2f08b9d339b5de2483373891dad44e6b7ff832190770acabd005c1987acac2c22891b272a73861e86b2e7b65ca681e42774141023809beac46a6b6f7c422
- SSDEEP
  
  768:5vkgXF2UVmVknCwRRi7iEIk9Pm5huNR2R:ygQUVm4CwRRqD9PwuNR2R
Score

10^/10

njrat ??????? ??????? ??????? ?? ????persistence trojan
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Executes dropped EXE
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Scheduled Task

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Scheduled Task/Job

Scheduled Task

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

njrat??????? ??????? ??????? ?? ????persistencetrojan

behavioral2

njrat??????? ??????? ??????? ?? ????persistencetrojan