njrat | b0ea3c59485d9b661f8ad40e1d606ce8b6daa57df869d58c1ec1d6dbfb381279 | Triage

Sharing

General

Target

8f2df7c6c1a4eb93299efb78692863c0N
Size

337KB
Sample

240913-rknn4atgjf
MD5

8f2df7c6c1a4eb93299efb78692863c0
SHA1

87980955afa29ce87dbef53e3abdb147ea188257
SHA256

b0ea3c59485d9b661f8ad40e1d606ce8b6daa57df869d58c1ec1d6dbfb381279
SHA512

747d1e197a3118930bb7670e07061240db66861610fddf8559eac8df0e5d0d8d9049b5efb7acf48c94f01775c4b1d295814f8e217894ee0f8bf7cd0b1d01f9eb
SSDEEP

3072:MTNZsRfWlbgYfc0DV+1BIyLK5jZWlfXXqyYwi8x4Yfc09:mYf0b1+fIyG5jZkCwi8r

Score

10^/10

njrat discovery persistence trojan

Malware Config

Targets

- Target
  
  8f2df7c6c1a4eb93299efb78692863c0N
- Size
  
  337KB
- MD5
  
  8f2df7c6c1a4eb93299efb78692863c0
- SHA1
  
  87980955afa29ce87dbef53e3abdb147ea188257
- SHA256
  
  b0ea3c59485d9b661f8ad40e1d606ce8b6daa57df869d58c1ec1d6dbfb381279
- SHA512
  
  747d1e197a3118930bb7670e07061240db66861610fddf8559eac8df0e5d0d8d9049b5efb7acf48c94f01775c4b1d295814f8e217894ee0f8bf7cd0b1d01f9eb
- SSDEEP
  
  3072:MTNZsRfWlbgYfc0DV+1BIyLK5jZWlfXXqyYwi8x4Yfc09:mYf0b1+fIyG5jZkCwi8r
Score

10^/10

njrat discovery persistence trojan
- Adds autorun key to be loaded by Explorer.exe on startup
  persistence
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

njratdiscoverypersistencetrojan

behavioral2

njratdiscoverypersistencetrojan