njrat | a3567d00fcd938526639475739fcdb6d761711d0a91c8e0408a878808f21a2d9 | Triage

Sharing

General

Target

Payload.exe
Size

55KB
Sample

241004-zpc26awakn
MD5

c410a49af4db43bc049c53d3a2c922f1
SHA1

474b85960f5172f4ae00185e7ce176fd6f0d4b81
SHA256

a3567d00fcd938526639475739fcdb6d761711d0a91c8e0408a878808f21a2d9
SHA512

79bd9bb438018c9c1c182d55558cd56708d65061cccde0f357d93f609375a8ef9eada69b2276b39599bbf5bf24f11ff9e483f0a2ebda0f9db202a5b85ef87e0d
SSDEEP

1536:EBtu8DnN8N1+S1Cl/BODtwsNMDqXExI3pm0m:T8DnNGcXODtwsNMDqXExI3pm

Score

10^/10

njrat pack discovery trojan

Malware Config

Extracted

Family

njrat

Version

<- NjRAT 0.7d Horror Edition ->

Botnet

Pack

C2

gbyvwcn.localto.net:3906

Mutex

d78d7e2855c15bbee7722959f6687d91

Attributes

reg_key
d78d7e2855c15bbee7722959f6687d91
splitter
Y262SUCZ4UJJ

Targets

- Target
  
  Payload.exe
- Size
  
  55KB
- MD5
  
  c410a49af4db43bc049c53d3a2c922f1
- SHA1
  
  474b85960f5172f4ae00185e7ce176fd6f0d4b81
- SHA256
  
  a3567d00fcd938526639475739fcdb6d761711d0a91c8e0408a878808f21a2d9
- SHA512
  
  79bd9bb438018c9c1c182d55558cd56708d65061cccde0f357d93f609375a8ef9eada69b2276b39599bbf5bf24f11ff9e483f0a2ebda0f9db202a5b85ef87e0d
- SSDEEP
  
  1536:EBtu8DnN8N1+S1Cl/BODtwsNMDqXExI3pm0m:T8DnNGcXODtwsNMDqXExI3pm
Score

10^/10

njrat discovery trojan
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

njratdiscoverytrojan

behavioral2

njratdiscoverytrojan