njrat | 90a3ee4bb184d38630de9018450ed6be6fdeb2e6b562ccd04fc88f0ad0c865f4 | Triage

Sharing

General

Target

90a3ee4bb184d38630de9018450ed6be6fdeb2e6b562ccd04fc88f0ad0c865f4.exe
Size

43KB
Sample

240928-j21qzsxgpe
MD5

82a9a2a48d290eea02ea5f46a8f31dfb
SHA1

dc20b8cd4f74b9a63cf2d90c5cbbd21839945c89
SHA256

90a3ee4bb184d38630de9018450ed6be6fdeb2e6b562ccd04fc88f0ad0c865f4
SHA512

e3988c2ee085cf228603f70b54eaadca3a9ba5caa72661eaed7eb20217042b52c2539bf77bd4c40e7165d02bcdb605379c94f279fa671beaaaed49b59d5cc833
SSDEEP

384:/ZyvvGyCEFmVoybL/ldP8tm8wMxEDMghm19D9O5UE5QzwBlpJNakkjh/TzF7pWng:BOvGyVAVlbL/l5knuggrvQO+Dl+L

Score

10^/10

njrat hacked discovery persistence trojan

Malware Config

Extracted

Family

njrat

Version

Njrat 0.7 Golden By Hassan Amiri

Botnet

HacKed

C2

192.168.234.154:5555

Mutex

Windows Update

Attributes

reg_key
Windows Update
splitter
|Hassan|

Targets

- Target
  
  90a3ee4bb184d38630de9018450ed6be6fdeb2e6b562ccd04fc88f0ad0c865f4.exe
- Size
  
  43KB
- MD5
  
  82a9a2a48d290eea02ea5f46a8f31dfb
- SHA1
  
  dc20b8cd4f74b9a63cf2d90c5cbbd21839945c89
- SHA256
  
  90a3ee4bb184d38630de9018450ed6be6fdeb2e6b562ccd04fc88f0ad0c865f4
- SHA512
  
  e3988c2ee085cf228603f70b54eaadca3a9ba5caa72661eaed7eb20217042b52c2539bf77bd4c40e7165d02bcdb605379c94f279fa671beaaaed49b59d5cc833
- SSDEEP
  
  384:/ZyvvGyCEFmVoybL/ldP8tm8wMxEDMghm19D9O5UE5QzwBlpJNakkjh/TzF7pWng:BOvGyVAVlbL/l5knuggrvQO+Dl+L
Score

10^/10

njrat hacked discovery persistence trojan
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Scheduled Task

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Scheduled Task/Job

Scheduled Task

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

njrathackeddiscoverypersistencetrojan

behavioral2

discoverypersistence