njrat | 6586e2cc6f5a8d15e79dfcdbf76d56917cf49370397d05647db19f5e58e601fa | Triage

Sharing

General

Target

Server.rar
Size

17KB
Sample

241005-r9w2rsvgnm
MD5

e2f42e6ced2cf8096849f842cfca6f84
SHA1

4b9f8bc73f23371561cd33728a4afd9f045c8afb
SHA256

6586e2cc6f5a8d15e79dfcdbf76d56917cf49370397d05647db19f5e58e601fa
SHA512

d78e2ce38bb4640854429fb20c8c5181e22a33a416d3417f69f112363399f350088ac5ca356539324cfb93f5dd33eb90843284b07ef0147149ea88553e6260fa
SSDEEP

384:op8eCopmONIy4jIkSbTPxnHFa0RiUTxmaYcWxDxYwV3JruiVM:M8do3CycqTZHFjzTxtYc+BNJrul

Score

10^/10

njrat 123 credential_access discovery spyware stealer trojan

Malware Config

Extracted

Family

njrat

Version

Njrat 0.7 Golden By Hassan Amiri

Botnet

123

C2

0.tcp.eu.ngrok.io:18924

Mutex

Windows Update

Attributes

reg_key
Windows Update
splitter
|Hassan|

Targets

- Target
  
  Server.exe
- Size
  
  43KB
- MD5
  
  1af3ef4f8e6c01a53f4f3b8c5e26d0a4
- SHA1
  
  ab9090eb9ab08d1c5b5c0aa6ec64cf3efc2dc240
- SHA256
  
  9c0d9b9cec6ac5a96098e42d347af4df9e0689725205803fc7aa7fdf374522ad
- SHA512
  
  9eff6851b27560036a6f38eb4c4d1c47fc7ba856af9d3e05ed4065b86f223c5fbd94721030237d75b9687e802ada469bdf62b1a9660fa580f55cca10f0c2b278
- SSDEEP
  
  384:JZybRy1STss7yKSVBuYYkEhxpS2/zsIij+ZsNO3PlpJKkkjh/TzF7pWnfcgreT0k:LMwk4smKSnuhlxkmuXQ/oio+L
Score

10^/10

njrat 123 credential_access discovery spyware stealer trojan
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- Reads data files stored by FTP clients
  Tries to access configuration files associated with programs like FileZilla.
  spyware stealer
- Unsecured Credentials: Credentials In Files
  Steal credentials from unsecured files.
  credential_access stealer
- Uses the VBS compiler for execution
- Legitimate hosting services abused for malware hosting/C2
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Browser Information Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

njrat123credential_accessdiscoveryspywarestealertrojan