njrat | 270ce36f6d56dc4cc4252d2a2c5b2cb2b240dc3d87c02068b072b1620ea4267e | Triage

Sharing

General

Target

Payload.zip
Size

24KB
Sample

241004-y5xaasthqp
MD5

b7e5053c63a747fef10313dc94e15b57
SHA1

2e6099c5d2de7f05072992a67c3304a48147bbdb
SHA256

270ce36f6d56dc4cc4252d2a2c5b2cb2b240dc3d87c02068b072b1620ea4267e
SHA512

a46b0adae4b8b1d29fc334e1329d749ac4c7a636e4759ff383513a1fc37c841bab45a2ac46b7e5920da2210d2078f2dc7c275f0563353b02a8110457bbab8e31
SSDEEP

768:804vHW67qjrgG9j9SZyfaMJMa2lhTfh6cbJ9uFtX3z1SaKgsv9:H4v260g2XYfbbJ9i539KF

Score

10^/10

njrat victim discovery trojan

Malware Config

Extracted

Family

njrat

Version

<- NjRAT 0.7d Horror Edition ->

Botnet

Victim

C2

tlkkyhm.localto.net:7608

Mutex

6943dac507c43de133ee9a5ce32fd755

Attributes

reg_key
6943dac507c43de133ee9a5ce32fd755
splitter
Y262SUCZ4UJJ

Targets

- Target
  
  Payload.exe
- Size
  
  55KB
- MD5
  
  4f0249929ce845b18b7f909ed29ff4e4
- SHA1
  
  a6f0627d3b5d45b2481bdf7be97865ec06774c94
- SHA256
  
  016a72d36bc45f96e4149849cdd1b60d573736f8268033b23bf7fe7a33cf0d9b
- SHA512
  
  a5aef8e4e192f6f8caad15c1493e8d38a017f05c6a9f466e1840fe657bee760b69a5c52881e9e6e950fd9e71ea527de302b879870616794f7b8e4f72d80e1bd3
- SSDEEP
  
  1536:0GLu8DnN8N1+S1Cl/BODuwsNMDmXExI3pmNm:S8DnNGcXODuwsNMDmXExI3pm
Score

10^/10

njrat discovery trojan
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- Executes dropped EXE
- Loads dropped DLL
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

njratdiscoverytrojan