njrat | af809a7846a623cd5f24c48bd70785909243da70a17a46b753d7dc856a0066c3 | Triage

Sharing

General

Target

af809a7846a623cd5f24c48bd70785909243da70a17a46b753d7dc856a0066c3N
Size

2.1MB
Sample

241002-bd8spayhmp
MD5

d56461561f3059f2e813701fa8f6cc00
SHA1

7805b8f2434c00edba2345211309dacfdbc3cf44
SHA256

af809a7846a623cd5f24c48bd70785909243da70a17a46b753d7dc856a0066c3
SHA512

22f366d0518dc3e6d13a2f171c601c8c2f4925813dcb2575fbc5f84079dbff3c5e1953d74c12a1191cca375c8330cd73f8e16775f386fa9d96ddc895e9ea0323
SSDEEP

24576:lGxi5Rkwn374VL3KxLOC/kOlcqEwHh6efhd/:

Score

10^/10

njrat hacked persistence trojan

Malware Config

Extracted

Family

njrat

Version

Njrat 0.7 Golden By Hassan Amiri

Botnet

HacKed

C2

jokaretsoooo.ddns.net:5552

Mutex

Windows Update

Attributes

reg_key
Windows Update
splitter
|Hassan|

Targets

- Target
  
  af809a7846a623cd5f24c48bd70785909243da70a17a46b753d7dc856a0066c3N
- Size
  
  2.1MB
- MD5
  
  d56461561f3059f2e813701fa8f6cc00
- SHA1
  
  7805b8f2434c00edba2345211309dacfdbc3cf44
- SHA256
  
  af809a7846a623cd5f24c48bd70785909243da70a17a46b753d7dc856a0066c3
- SHA512
  
  22f366d0518dc3e6d13a2f171c601c8c2f4925813dcb2575fbc5f84079dbff3c5e1953d74c12a1191cca375c8330cd73f8e16775f386fa9d96ddc895e9ea0323
- SSDEEP
  
  24576:lGxi5Rkwn374VL3KxLOC/kOlcqEwHh6efhd/:
Score

10^/10

njrat hacked persistence trojan
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

njrathackedpersistencetrojan

behavioral2

njrathackedpersistencetrojan