njrat | b8a92e0ec11d91aaa6c5c44f37024d9f09071623dcf2aa67462189e84f683b65 | Triage

Sharing

General

Target

b8a92e0ec11d91aaa6c5c44f37024d9f09071623dcf2aa67462189e84f683b65.unknown
Size

25KB
Sample

240927-q3bxksvfpr
MD5

ee2daced77768d937294aaf656c59e81
SHA1

643fc628eb908d845c2c275492c232f39b0e56d5
SHA256

b8a92e0ec11d91aaa6c5c44f37024d9f09071623dcf2aa67462189e84f683b65
SHA512

9487fe759220b3c6ac22941a94fe4bbd37896ee30a06a0d5789d693a870ed2055cf6506233a75c2266fd605e27aea35e218de72653bd76d39061ceff14e3795d
SSDEEP

384:5vcTzwCNCC7GepiEQceFsJoFbiOVg3Cynm6Ld2UTLrFEn768hkfH7+NpgBemOdqt:5vkHwCr89Fski7hm6L8O27U+oBLkq2M

Score

10^/10

njrat kulum persistence trojan

Malware Config

Extracted

Family

njrat

Version

Njrat 0.7 Golden By Hassan Amiri

Botnet

Kulum

C2

34.89.221.19:3131

Mutex

Windows Update

Attributes

reg_key
Windows Update
splitter
|Hassan|

Targets

- Target
  
  b8a92e0ec11d91aaa6c5c44f37024d9f09071623dcf2aa67462189e84f683b65.unknown
- Size
  
  25KB
- MD5
  
  ee2daced77768d937294aaf656c59e81
- SHA1
  
  643fc628eb908d845c2c275492c232f39b0e56d5
- SHA256
  
  b8a92e0ec11d91aaa6c5c44f37024d9f09071623dcf2aa67462189e84f683b65
- SHA512
  
  9487fe759220b3c6ac22941a94fe4bbd37896ee30a06a0d5789d693a870ed2055cf6506233a75c2266fd605e27aea35e218de72653bd76d39061ceff14e3795d
- SSDEEP
  
  384:5vcTzwCNCC7GepiEQceFsJoFbiOVg3Cynm6Ld2UTLrFEn768hkfH7+NpgBemOdqt:5vkHwCr89Fski7hm6L8O27U+oBLkq2M
Score

10^/10

njrat kulum persistence trojan
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Executes dropped EXE
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

njratkulum persistencetrojan

behavioral2

njratkulum persistencetrojan