njrat | a7356edf0a0c0a2b003ade063ff5d8817c9d73fc3a7b4f4605f03d44cfd602fc | Triage

Sharing

General

Target

a7356edf0a0c0a2b003ade063ff5d8817c9d73fc3a7b4f4605f03d44cfd602fcN
Size

55KB
Sample

241004-ag7t5axglh
MD5

7d38e6e8b44aac1d4e7a3eb659837520
SHA1

5a7c139618c8eb4ceb1e897a9e41b5cafceaf465
SHA256

a7356edf0a0c0a2b003ade063ff5d8817c9d73fc3a7b4f4605f03d44cfd602fc
SHA512

ae76d28657016ef48aad993ba53ee34a1ccba6f9c8af70ad9b458b3e877b828015ec8f8fd3585b25a579d4cf1aaf5c9e3c9e28b5b6fcf133b67afc4439a6e78b
SSDEEP

768:l7kOpEBhA/vMHTi9bDIS+FPPPPrnMXOFc8pnD+orPPPPP:dkOpvnYi9boMXOFcMD+o

Score

10^/10

njrat تم الاختراق من قبل احمد السيسي discovery persistence trojan

Malware Config

Extracted

Family

njrat

Version

v2.0

Botnet

تم الاختراق من قبل احمد السيسي

C2

mmo7m.ddns.net:7777

Mutex

Windows

Attributes

reg_key
Windows
splitter
|-F-|

Targets

- Target
  
  a7356edf0a0c0a2b003ade063ff5d8817c9d73fc3a7b4f4605f03d44cfd602fcN
- Size
  
  55KB
- MD5
  
  7d38e6e8b44aac1d4e7a3eb659837520
- SHA1
  
  5a7c139618c8eb4ceb1e897a9e41b5cafceaf465
- SHA256
  
  a7356edf0a0c0a2b003ade063ff5d8817c9d73fc3a7b4f4605f03d44cfd602fc
- SHA512
  
  ae76d28657016ef48aad993ba53ee34a1ccba6f9c8af70ad9b458b3e877b828015ec8f8fd3585b25a579d4cf1aaf5c9e3c9e28b5b6fcf133b67afc4439a6e78b
- SSDEEP
  
  768:l7kOpEBhA/vMHTi9bDIS+FPPPPrnMXOFc8pnD+orPPPPP:dkOpvnYi9boMXOFcMD+o
Score

10^/10

njrat تم الاختراق من قبل احمد السيسي discovery persistence trojan
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Executes dropped EXE
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Hide Artifacts

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

تم الاختراق من قبل احمد السيسيnjrat

behavioral1

njratتم الاختراق من قبل احمد السيسيdiscoverypersistencetrojan

behavioral2

discoverypersistence