njrat | 386948e2877eac1b5a79f96db5fba7008bfab8f173898204b63e83a60e0b80d2 | Triage

Sharing

General

Target

treeVPN.exe
Size

43KB
Sample

241111-ygzqhstne1
MD5

9a5aead9de4bf8498905d7ddb659be02
SHA1

c93c2457a874d908108915cc83d8f0a35e4ef910
SHA256

386948e2877eac1b5a79f96db5fba7008bfab8f173898204b63e83a60e0b80d2
SHA512

bd38b97e1fe283c09dc6bfaef13541c2a62718a067dc178c093557b69527d81e9ba93a1c174867c6216d3a220b554c0dee49852bcb51f184610495830a5b49f7
SSDEEP

384:0ZySvHn1iDcsyEqtBfQEGCOEhGyOEtzcIij+ZsNO3PlpJKkkjh/TzF7pWnQ/greT:C5HnU4pEqtNQE5SyZuXQ/oB3+L

Score

10^/10

njrat hacked discovery trojan

Malware Config

Extracted

Family

njrat

Version

Njrat 0.7 Golden By Hassan Amiri

Botnet

HacKed

C2

127.0.0.1:5552

Mutex

Windows Update

Attributes

reg_key
Windows Update
splitter
|Hassan|

Targets

- Target
  
  treeVPN.exe
- Size
  
  43KB
- MD5
  
  9a5aead9de4bf8498905d7ddb659be02
- SHA1
  
  c93c2457a874d908108915cc83d8f0a35e4ef910
- SHA256
  
  386948e2877eac1b5a79f96db5fba7008bfab8f173898204b63e83a60e0b80d2
- SHA512
  
  bd38b97e1fe283c09dc6bfaef13541c2a62718a067dc178c093557b69527d81e9ba93a1c174867c6216d3a220b554c0dee49852bcb51f184610495830a5b49f7
- SSDEEP
  
  384:0ZySvHn1iDcsyEqtBfQEGCOEhGyOEtzcIij+ZsNO3PlpJKkkjh/TzF7pWnQ/greT:C5HnU4pEqtNQE5SyZuXQ/oB3+L
Score

10^/10

njrat hacked discovery trojan
- Njrat family
  njrat
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- Executes dropped EXE
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Scheduled Task

Persistence

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Scheduled Task/Job

Scheduled Task

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

njrathackeddiscoverytrojan