njrat | 0e598feb9643475cd6209f510b9bdd33080188752734f5e8403aa5e946f6b841 | Triage

Sharing

General

Target

13131312.exe
Size

55KB
Sample

241005-nh7gmsweke
MD5

7f885e0b86bfd37c17867214b74c600a
SHA1

476e1749121846a34eff66c2714d01ff3cf18593
SHA256

0e598feb9643475cd6209f510b9bdd33080188752734f5e8403aa5e946f6b841
SHA512

00799f581f42173a2e10e9fdd4f8ba83922bbe8b8e264539405a78eef146c3c8f8f09ac2fdbb6380d2574232b749e902469bbdc62af89d62d4416de506f75499
SSDEEP

1536:6RYADnG5N3HSdfd7EDuwsNMDdXExI3pmTm:NADn0ydtEDuwsNMDdXExI3pm

Score

10^/10

njrat 31 discovery persistence trojan

Malware Config

Extracted

Family

njrat

Version

<- NjRAT 0.7d Horror Edition ->

Botnet

31

C2

txx8luo.localto.net:3989

Mutex

0f4f57f0b5499edfd1915b0e98cfe851

Attributes

reg_key
0f4f57f0b5499edfd1915b0e98cfe851
splitter
Y262SUCZ4UJJ

Targets

- Target
  
  13131312.exe
- Size
  
  55KB
- MD5
  
  7f885e0b86bfd37c17867214b74c600a
- SHA1
  
  476e1749121846a34eff66c2714d01ff3cf18593
- SHA256
  
  0e598feb9643475cd6209f510b9bdd33080188752734f5e8403aa5e946f6b841
- SHA512
  
  00799f581f42173a2e10e9fdd4f8ba83922bbe8b8e264539405a78eef146c3c8f8f09ac2fdbb6380d2574232b749e902469bbdc62af89d62d4416de506f75499
- SSDEEP
  
  1536:6RYADnG5N3HSdfd7EDuwsNMDdXExI3pmTm:NADn0ydtEDuwsNMDdXExI3pm
Score

10^/10

njrat discovery persistence trojan
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Scheduled Task

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Scheduled Task/Job

Scheduled Task

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

njratdiscoverypersistencetrojan

behavioral2

discoverypersistence