njrat | 0da0698beb4c1f1ca6a24dcb2776e8ad47399ffb1faeaa3b6f207838ff564e7b | Triage

Sharing

General

Target

0da0698beb4c1f1ca6a24dcb2776e8ad47399ffb1faeaa3b6f207838ff564e7bN.exe
Size

55KB
Sample

240925-hnnc3a1dpr
MD5

563cfd7cc9c80650d3fc036b40cd5020
SHA1

ad902fe07dd8e65b55b3dd99376fff44fe2d7faa
SHA256

0da0698beb4c1f1ca6a24dcb2776e8ad47399ffb1faeaa3b6f207838ff564e7b
SHA512

6d4a3d8d31fc199f76615a066a715dbbab5b185611c1a46843245a2ac069cfa35aed9aa7d41c46271f45a8b6febff2a8d8635ba24ef9cbea10aecc4f18d45496
SSDEEP

1536:jGCoDns0NiiSx1YDtwsNMDsXExI3pmem:joDnwXTYDtwsNMDsXExI3pm

Score

10^/10

njrat victim discovery trojan

Malware Config

Extracted

Family

njrat

Version

<- NjRAT 0.7d Horror Edition ->

Botnet

Victim

C2

gman1.ddns.net:5552

Mutex

8ef55214b87545b7e47a87c7174c7c87

Attributes

reg_key
8ef55214b87545b7e47a87c7174c7c87
splitter
Y262SUCZ4UJJ

Targets

- Target
  
  0da0698beb4c1f1ca6a24dcb2776e8ad47399ffb1faeaa3b6f207838ff564e7bN.exe
- Size
  
  55KB
- MD5
  
  563cfd7cc9c80650d3fc036b40cd5020
- SHA1
  
  ad902fe07dd8e65b55b3dd99376fff44fe2d7faa
- SHA256
  
  0da0698beb4c1f1ca6a24dcb2776e8ad47399ffb1faeaa3b6f207838ff564e7b
- SHA512
  
  6d4a3d8d31fc199f76615a066a715dbbab5b185611c1a46843245a2ac069cfa35aed9aa7d41c46271f45a8b6febff2a8d8635ba24ef9cbea10aecc4f18d45496
- SSDEEP
  
  1536:jGCoDns0NiiSx1YDtwsNMDsXExI3pmem:joDnwXTYDtwsNMDsXExI3pm
Score

10^/10

njrat discovery trojan
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

njratdiscoverytrojan

behavioral2

njratdiscoverytrojan