njrat | 6b9a569e08e67121fce97dc7aadd0286ce29a1858d5b551c2f5133bd65e9e2a0 | Triage

Sharing

General

Target

6b9a569e08e67121fce97dc7aadd0286ce29a1858d5b551c2f5133bd65e9e2a0.exe
Size

55KB
Sample

241103-dgaq6swlan
MD5

5c3d5da03554ca31fcc35d3ee1e967d8
SHA1

9fb31b712fedbeb58fe43a15321a19d56835c970
SHA256

6b9a569e08e67121fce97dc7aadd0286ce29a1858d5b551c2f5133bd65e9e2a0
SHA512

9ef2b911416f53796d84f5237c4a0136f2cf802f2f469d43d6b182f887bddba81fb36fcc2ed79e1456c4eb21fc9cb1bdc015e4b2ef788952250a05a0ac34b505
SSDEEP

1536:tzpMDnE4uNRty4XXzdhDmwsNMDAXExI3pm/m:bMDnlYk4XxhDmwsNMDAXExI3pm

Score

10^/10

njrat victim discovery evasion trojan

Malware Config

Extracted

Family

njrat

Version

<- NjRAT 0.7d Horror Edition ->

Botnet

Victim

C2

area-paid.gl.at.ply.gg:37212

Mutex

59211d537036a82f5e7ec159326cddf1

Attributes

reg_key
59211d537036a82f5e7ec159326cddf1
splitter
Y262SUCZ4UJJ

Targets

- Target
  
  6b9a569e08e67121fce97dc7aadd0286ce29a1858d5b551c2f5133bd65e9e2a0.exe
- Size
  
  55KB
- MD5
  
  5c3d5da03554ca31fcc35d3ee1e967d8
- SHA1
  
  9fb31b712fedbeb58fe43a15321a19d56835c970
- SHA256
  
  6b9a569e08e67121fce97dc7aadd0286ce29a1858d5b551c2f5133bd65e9e2a0
- SHA512
  
  9ef2b911416f53796d84f5237c4a0136f2cf802f2f469d43d6b182f887bddba81fb36fcc2ed79e1456c4eb21fc9cb1bdc015e4b2ef788952250a05a0ac34b505
- SSDEEP
  
  1536:tzpMDnE4uNRty4XXzdhDmwsNMDAXExI3pm/m:bMDnlYk4XxhDmwsNMDAXExI3pm
Score

10^/10

njrat victim discovery evasion trojan
- Njrat family
  njrat
- UAC bypass
  evasion trojan
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- Executes dropped EXE
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Scheduled Task

Persistence

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Abuse Elevation Control Mechanism

Bypass User Account Control

Scheduled Task/Job

Scheduled Task

Defense Evasion

Abuse Elevation Control Mechanism

Bypass User Account Control

Hide Artifacts

Hidden Files and Directories

Impair Defenses

Disable or Modify Tools

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

njratvictimdiscoveryevasiontrojan

behavioral2

njratvictimdiscoveryevasiontrojan