njrat | 491eec6f62e89b017a00c2dccf51864afd6debf003a5e83d4081499a293d7221 | Triage

Sharing

General

Target

491eec6f62e89b017a00c2dccf51864afd6debf003a5e83d4081499a293d7221.exe
Size

25KB
Sample

240927-x5hapsvfpr
MD5

342696fe21a53e26ed0fe6f07ab44807
SHA1

fd7d1ed14e6afa230d0f3a572c5b1d17972e3ef5
SHA256

491eec6f62e89b017a00c2dccf51864afd6debf003a5e83d4081499a293d7221
SHA512

72abdefa832defa0bf71c15159571fec0456787492c411cf749a78fdb77a6af01121459c4e4f84e57bf5cdeea32dbf22e43cf7705a9082504ca2b091ed133101
SSDEEP

384:5vcTz4TmmqZIQQptCtRZRe15p45cjAh+v2Y/Oz6JT8BNAZwBiy:5vkGQgctKp45h+OY/AC4Pl

Score

10^/10

njrat hacked persistence trojan

Malware Config

Extracted

Family

njrat

Version

Njrat 0.7 Golden By Hassan Amiri

Botnet

HacKed

C2

harris974.ddns.net:5552

Mutex

Windows Update

Attributes

reg_key
Windows Update
splitter
|Hassan|

Targets

- Target
  
  491eec6f62e89b017a00c2dccf51864afd6debf003a5e83d4081499a293d7221.exe
- Size
  
  25KB
- MD5
  
  342696fe21a53e26ed0fe6f07ab44807
- SHA1
  
  fd7d1ed14e6afa230d0f3a572c5b1d17972e3ef5
- SHA256
  
  491eec6f62e89b017a00c2dccf51864afd6debf003a5e83d4081499a293d7221
- SHA512
  
  72abdefa832defa0bf71c15159571fec0456787492c411cf749a78fdb77a6af01121459c4e4f84e57bf5cdeea32dbf22e43cf7705a9082504ca2b091ed133101
- SSDEEP
  
  384:5vcTz4TmmqZIQQptCtRZRe15p45cjAh+v2Y/Oz6JT8BNAZwBiy:5vkGQgctKp45h+OY/AC4Pl
Score

10^/10

njrat hacked persistence trojan
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- Drops startup file
- Executes dropped EXE
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Scheduled Task

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Scheduled Task/Job

Scheduled Task

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

njrathackedpersistencetrojan

behavioral2

njrathackedpersistencetrojan