njrat | 1d3f0c9127f4a577a23e94e1271980464d7be9a5888976a29c219f1295831e38 | Triage

Sharing

General

Target

Payload.exe
Size

55KB
Sample

241109-p45evatncz
MD5

4e465a6ec07921dfb8001c62240b6046
SHA1

1f720089177be34e2e764c412753cba824805626
SHA256

1d3f0c9127f4a577a23e94e1271980464d7be9a5888976a29c219f1295831e38
SHA512

40f967d735f6860f3103e85b629d799329e1651b6f7da55e6dbe7d96fa5c188625057e723ac8ed83993ee0f0610bfcc72f260c493633f48af15891286432efd7
SSDEEP

768:mda6lOt1Man8E2N6FikUt34okSNomwFvfu0YMDHPsIL7XJSxI3pmnm:md1cDnCN6FikSJDNwsNMDTXExI3pmnm

Score

10^/10

njrat heavyxrsetup discovery trojan

Malware Config

Extracted

Family

njrat

Version

<- NjRAT 0.7d Horror Edition ->

Botnet

HeavyXrSetup

C2

i2w8qee.localto.net:4511

Mutex

7ec49c21ae511225ce84cfdc8ef454ea

Attributes

reg_key
7ec49c21ae511225ce84cfdc8ef454ea
splitter
Y262SUCZ4UJJ

Targets

- Target
  
  Payload.exe
- Size
  
  55KB
- MD5
  
  4e465a6ec07921dfb8001c62240b6046
- SHA1
  
  1f720089177be34e2e764c412753cba824805626
- SHA256
  
  1d3f0c9127f4a577a23e94e1271980464d7be9a5888976a29c219f1295831e38
- SHA512
  
  40f967d735f6860f3103e85b629d799329e1651b6f7da55e6dbe7d96fa5c188625057e723ac8ed83993ee0f0610bfcc72f260c493633f48af15891286432efd7
- SSDEEP
  
  768:mda6lOt1Man8E2N6FikUt34okSNomwFvfu0YMDHPsIL7XJSxI3pmnm:md1cDnCN6FikSJDNwsNMDTXExI3pmnm
Score

10^/10

njrat discovery trojan
- Njrat family
  njrat
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

heavyxrsetupnjrat

behavioral1

njratdiscoverytrojan