njrat | 6596632cfd51779343afcd7703aa57c16a9fe7ba685aa95b0c096f2de30b95d3 | Triage

Sharing

General

Target

6596632cfd51779343afcd7703aa57c16a9fe7ba685aa95b0c096f2de30b95d3N
Size

42KB
Sample

240919-zbcjgazapp
MD5

0b4a8cccee17381aecd634b6414f9c40
SHA1

82bae64a12475b580150503217c7c9699978be61
SHA256

6596632cfd51779343afcd7703aa57c16a9fe7ba685aa95b0c096f2de30b95d3
SHA512

4d50d154604aaeb268086dae6de4296ecebdbaca217a43e8abe6b6cb72efc09f7c35b7c369eae47ac18297d1a7185868d2341d2bf4bc5d83cae843d5aefde11e
SSDEEP

384:pZe69WNUst+3gUy6vH9GOmECbdJ0jaCnKs1jUNNNCP33hYCtVKwJR7AMu0reT0pe:rIwQh6f99sbEaCKuUVupVZG+L

Score

10^/10

njrat discovery persistence trojan

Malware Config

Targets

- Target
  
  6596632cfd51779343afcd7703aa57c16a9fe7ba685aa95b0c096f2de30b95d3N
- Size
  
  42KB
- MD5
  
  0b4a8cccee17381aecd634b6414f9c40
- SHA1
  
  82bae64a12475b580150503217c7c9699978be61
- SHA256
  
  6596632cfd51779343afcd7703aa57c16a9fe7ba685aa95b0c096f2de30b95d3
- SHA512
  
  4d50d154604aaeb268086dae6de4296ecebdbaca217a43e8abe6b6cb72efc09f7c35b7c369eae47ac18297d1a7185868d2341d2bf4bc5d83cae843d5aefde11e
- SSDEEP
  
  384:pZe69WNUst+3gUy6vH9GOmECbdJ0jaCnKs1jUNNNCP33hYCtVKwJR7AMu0reT0pe:rIwQh6f99sbEaCKuUVupVZG+L
Score

10^/10

njrat discovery persistence trojan
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- Drops startup file
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

njratdiscoverypersistencetrojan

behavioral2

njratdiscoverypersistencetrojan