njrat | c8d8f79ad37249faa03dae92947af35d310fffc28b7597507246d1f8c8eb9fea | Triage

Sharing

General

Target

c8d8f79ad37249faa03dae92947af35d310fffc28b7597507246d1f8c8eb9fea.exe
Size

43KB
Sample

241006-m17dxszfqn
MD5

587ad6e22bb4925dd74971fb811742d2
SHA1

ed232dd2da4676de64df99bdf43d86b5049b65f2
SHA256

c8d8f79ad37249faa03dae92947af35d310fffc28b7597507246d1f8c8eb9fea
SHA512

552bba329873ed49765327677731fd2f99107cc2837748011dfcc792b5e9158c4c248c08d2ef6f1e70a11616d6684df4fa0068a32853a7b8eb1bd1077d56e57e
SSDEEP

384:dZyBcUdsbhKIyKPDbSYeE6rrez8Iij+ZsNO3PlpJKkkjh/TzF7pWn/dwgreT0pqP:XeRiwFKrbvUsuXQ/o40+L

Score

10^/10

njrat 34234234 discovery persistence trojan

Malware Config

Extracted

Family

njrat

Version

Njrat 0.7 Golden By Hassan Amiri

Botnet

34234234

C2

146.158.107.225:8408

Mutex

Windows Update

Attributes

reg_key
Windows Update
splitter
|Hassan|

Targets

- Target
  
  c8d8f79ad37249faa03dae92947af35d310fffc28b7597507246d1f8c8eb9fea.exe
- Size
  
  43KB
- MD5
  
  587ad6e22bb4925dd74971fb811742d2
- SHA1
  
  ed232dd2da4676de64df99bdf43d86b5049b65f2
- SHA256
  
  c8d8f79ad37249faa03dae92947af35d310fffc28b7597507246d1f8c8eb9fea
- SHA512
  
  552bba329873ed49765327677731fd2f99107cc2837748011dfcc792b5e9158c4c248c08d2ef6f1e70a11616d6684df4fa0068a32853a7b8eb1bd1077d56e57e
- SSDEEP
  
  384:dZyBcUdsbhKIyKPDbSYeE6rrez8Iij+ZsNO3PlpJKkkjh/TzF7pWn/dwgreT0pqP:XeRiwFKrbvUsuXQ/o40+L
Score

10^/10

njrat 34234234 discovery persistence trojan
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

njrat34234234discoverypersistencetrojan

behavioral2

njrat34234234discoverypersistencetrojan