njrat | fdaeb65b64bf88b653fb0e174ccc013afe50630f587569741324d04e18ebc388 | Triage

Sharing

General

Target

25be0fd7680e2088566f8a9674f70310N
Size

337KB
Sample

240913-mhydasxgrk
MD5

25be0fd7680e2088566f8a9674f70310
SHA1

6c074507fbd24b64b87c463f4d2b41ac7c7f105f
SHA256

fdaeb65b64bf88b653fb0e174ccc013afe50630f587569741324d04e18ebc388
SHA512

04154e23634a360ea15c48fb144ae3c8447293137cf6a5becfded2000e63ac4b2644a8a9ed8f19a29ac59490f114c1ebdd2cd0e1a813dae8d9d66a55cc713f07
SSDEEP

3072:Chnv6zezxBrs9WTR5gYfc0DV+1BIyLK5jZWlfXXqyYwi8x4Yfc09:CF6ytBIi51+fIyG5jZkCwi8r

Score

10^/10

njrat discovery persistence trojan

Malware Config

Targets

- Target
  
  25be0fd7680e2088566f8a9674f70310N
- Size
  
  337KB
- MD5
  
  25be0fd7680e2088566f8a9674f70310
- SHA1
  
  6c074507fbd24b64b87c463f4d2b41ac7c7f105f
- SHA256
  
  fdaeb65b64bf88b653fb0e174ccc013afe50630f587569741324d04e18ebc388
- SHA512
  
  04154e23634a360ea15c48fb144ae3c8447293137cf6a5becfded2000e63ac4b2644a8a9ed8f19a29ac59490f114c1ebdd2cd0e1a813dae8d9d66a55cc713f07
- SSDEEP
  
  3072:Chnv6zezxBrs9WTR5gYfc0DV+1BIyLK5jZWlfXXqyYwi8x4Yfc09:CF6ytBIi51+fIyG5jZkCwi8r
Score

10^/10

njrat discovery persistence trojan
- Adds autorun key to be loaded by Explorer.exe on startup
  persistence
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

njratdiscoverypersistencetrojan

behavioral2

njratdiscoverypersistencetrojan