njrat | 7fd5da6fe8c74a939edfc6cc33c0eb86f97fcdea1ca305f054c09c833a81e6d1 | Triage

Sharing

General

Target

d623d749979ec8229b59844a7331b1a0N
Size

337KB
Sample

240907-x1mdvszfkn
MD5

d623d749979ec8229b59844a7331b1a0
SHA1

e7224cb6e42be339624b39c217aeb44405b4d419
SHA256

7fd5da6fe8c74a939edfc6cc33c0eb86f97fcdea1ca305f054c09c833a81e6d1
SHA512

395fe8237db3c92bd701515cc98d447504bd19fdd09f0403566f4a13ed86e9ac5f2d3784da2b5d69beb5c3c7c87bf98f3aea7499f9c59af04bf3598aeb761f55
SSDEEP

3072:ybEyiklDsHJ1OQ9GgYfc0DV+1BIyLK5jZWlfXXqyYwi8x4Yfc09:ybEyPlDO13G1+fIyG5jZkCwi8r

Score

10^/10

njrat discovery persistence trojan

Malware Config

Targets

- Target
  
  d623d749979ec8229b59844a7331b1a0N
- Size
  
  337KB
- MD5
  
  d623d749979ec8229b59844a7331b1a0
- SHA1
  
  e7224cb6e42be339624b39c217aeb44405b4d419
- SHA256
  
  7fd5da6fe8c74a939edfc6cc33c0eb86f97fcdea1ca305f054c09c833a81e6d1
- SHA512
  
  395fe8237db3c92bd701515cc98d447504bd19fdd09f0403566f4a13ed86e9ac5f2d3784da2b5d69beb5c3c7c87bf98f3aea7499f9c59af04bf3598aeb761f55
- SSDEEP
  
  3072:ybEyiklDsHJ1OQ9GgYfc0DV+1BIyLK5jZWlfXXqyYwi8x4Yfc09:ybEyPlDO13G1+fIyG5jZkCwi8r
Score

10^/10

njrat discovery persistence trojan
- Adds autorun key to be loaded by Explorer.exe on startup
  persistence
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

njratdiscoverypersistencetrojan

behavioral2

njratdiscoverypersistencetrojan