njrat | 441be6f69dd6bdfafdf7fa4596ef37ac3a8bf6cce2b9b9154c5f2f39c71e3d97 | Triage

Sharing

General

Target

Nigga.exe
Size

55KB
Sample

241027-xpgn8s1hrr
MD5

7a1624af489962ed1c60426a536e250c
SHA1

3ae27946c2dccb5ca0014d3b367dfb0b5f6bebc9
SHA256

441be6f69dd6bdfafdf7fa4596ef37ac3a8bf6cce2b9b9154c5f2f39c71e3d97
SHA512

a159818951c59d9eedccc70cc02dd5d65c8da7b0eebb5300d957614af8e71e64821bfcff3aa888a617f4cfccef4621c1534e70cd840753e04b733e7c71c652ca
SSDEEP

1536:B+oADn8fLNG/SbrKDD3wsNMDvXExI3pmjm:/ADncsqbeDD3wsNMDvXExI3pm

Score

10^/10

njrat roblox kid bootkit discovery persistence trojan

Malware Config

Extracted

Family

njrat

Version

<- NjRAT 0.7d Horror Edition ->

Botnet

Roblox Kid

C2

3zf9bxe.localto.net:6551

Mutex

310cce0cee234e77a00e8217080b1277

Attributes

reg_key
310cce0cee234e77a00e8217080b1277
splitter
Y262SUCZ4UJJ

Targets

- Target
  
  Nigga.exe
- Size
  
  55KB
- MD5
  
  7a1624af489962ed1c60426a536e250c
- SHA1
  
  3ae27946c2dccb5ca0014d3b367dfb0b5f6bebc9
- SHA256
  
  441be6f69dd6bdfafdf7fa4596ef37ac3a8bf6cce2b9b9154c5f2f39c71e3d97
- SHA512
  
  a159818951c59d9eedccc70cc02dd5d65c8da7b0eebb5300d957614af8e71e64821bfcff3aa888a617f4cfccef4621c1534e70cd840753e04b733e7c71c652ca
- SSDEEP
  
  1536:B+oADn8fLNG/SbrKDD3wsNMDvXExI3pmjm:/ADncsqbeDD3wsNMDvXExI3pm
Score

10^/10

njrat bootkit discovery persistence trojan
- Njrat family
  njrat
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  bootkit persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Pre-OS Boot

Bootkit

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Pre-OS Boot

Bootkit

Credential Access

Discovery

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

roblox kid njrat

behavioral1

njratbootkitdiscoverypersistencetrojan

behavioral2

njratdiscoverypersistencetrojan