njrat | 482b4f745d80925974ef46ab24bc35d1c7f895c2881820ebef14fe5f1117a072 | Triage

Sharing

General

Target

DLLinject.exe
Size

43KB
Sample

241020-ps65asybla
MD5

d45480663e5b74794425c0ffe354bbee
SHA1

45fecd5d4512dd86464e36e63d459b95ffecfbeb
SHA256

482b4f745d80925974ef46ab24bc35d1c7f895c2881820ebef14fe5f1117a072
SHA512

f52e73bff29e8fc5e25b3325e2ff7967a3589d1c090ec0fa03f931a1276a664f903713b5363222e930589ca018464e84b123caf03bd2541876ca2b2b77760634
SSDEEP

384:XHZyhv6QNkli0yiQHJSNOW0eytTEjRqrVGzkIij+ZsNO3PlpJKkkjh/TzF7pWniV:X5W6ABiIJSNOW0e6ysauXQ/oH/+L

Score

10^/10

njrat assault discovery persistence trojan

Malware Config

Extracted

Family

njrat

Version

Njrat 0.7 Golden By Hassan Amiri

Botnet

assault

C2

pro-fundraising.gl.at.ply.gg:43768

Mutex

Windows Update

Attributes

reg_key
Windows Update
splitter
|Hassan|

Targets

- Target
  
  DLLinject.exe
- Size
  
  43KB
- MD5
  
  d45480663e5b74794425c0ffe354bbee
- SHA1
  
  45fecd5d4512dd86464e36e63d459b95ffecfbeb
- SHA256
  
  482b4f745d80925974ef46ab24bc35d1c7f895c2881820ebef14fe5f1117a072
- SHA512
  
  f52e73bff29e8fc5e25b3325e2ff7967a3589d1c090ec0fa03f931a1276a664f903713b5363222e930589ca018464e84b123caf03bd2541876ca2b2b77760634
- SSDEEP
  
  384:XHZyhv6QNkli0yiQHJSNOW0eytTEjRqrVGzkIij+ZsNO3PlpJKkkjh/TzF7pWniV:X5W6ABiIJSNOW0e6ysauXQ/oH/+L
Score

10^/10

njrat assault discovery persistence trojan
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Scheduled Task

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Scheduled Task/Job

Scheduled Task

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

njratassaultdiscoverypersistencetrojan

behavioral2

njratassaultdiscoverypersistencetrojan