njrat | 74f3b27c2f67c0eaf08b473144c580ed05e6488401092fd6cb129a8bd661de7d | Triage

Sharing

General

Target

njRAT
Size

260KB
Sample

240920-lx1xas1bpj
MD5

146a54683a735724a153d5f54f8180b3
SHA1

1a1c8190fd5b25eb32dc2acd32d640d6125b4162
SHA256

74f3b27c2f67c0eaf08b473144c580ed05e6488401092fd6cb129a8bd661de7d
SHA512

8df46b44c11038af702e077113a6488e1409c079b5a2a3f3fb8fe2f3b2f87b6c6e2a300b14bcb6049816acc6c87d27ae4c0b28cca86710fced45d03065530d15
SSDEEP

6144:DgVk4c3uokeOvHS1d1+CNs8wbiWQF9MvZJT3CqbMrhryf65NRPaCieMjAkvCJv1T:8k4c3uokeOvHS1d1+CNs8wbiWQF9MvZ4

Score

10^/10

njrat victim discovery trojan

Malware Config

Extracted

Family

njrat

Version

<- NjRAT 0.7d Horror Edition ->

Botnet

Victim

C2

1.0.0.721:6522

Mutex

99f38bbe0af13fde32226e71d4a6ac11

Attributes

reg_key
99f38bbe0af13fde32226e71d4a6ac11
splitter
Y262SUCZ4UJJ

Targets

- Target
  
  njRAT
- Size
  
  260KB
- MD5
  
  146a54683a735724a153d5f54f8180b3
- SHA1
  
  1a1c8190fd5b25eb32dc2acd32d640d6125b4162
- SHA256
  
  74f3b27c2f67c0eaf08b473144c580ed05e6488401092fd6cb129a8bd661de7d
- SHA512
  
  8df46b44c11038af702e077113a6488e1409c079b5a2a3f3fb8fe2f3b2f87b6c6e2a300b14bcb6049816acc6c87d27ae4c0b28cca86710fced45d03065530d15
- SSDEEP
  
  6144:DgVk4c3uokeOvHS1d1+CNs8wbiWQF9MvZJT3CqbMrhryf65NRPaCieMjAkvCJv1T:8k4c3uokeOvHS1d1+CNs8wbiWQF9MvZ4
Score

10^/10

njrat victim discovery trojan
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- Downloads MZ/PE file
- Executes dropped EXE
- Legitimate hosting services abused for malware hosting/C2
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

njratvictimdiscoverytrojan