njrat | c32a5b371401abc7904e2bfaddc23f69ef7c8a7d40bd3e7a8f045f6de64a3201 | Triage

Sharing

General

Target

Bloxstrap.exe
Size

11.2MB
Sample

241123-yhw11szjgk
MD5

29ca7831b80bf263095bb878555b5161
SHA1

7190385a69c313a6cc9d60a17434b2227d01edc3
SHA256

c32a5b371401abc7904e2bfaddc23f69ef7c8a7d40bd3e7a8f045f6de64a3201
SHA512

4c3b75db351f59a5842d6bb4d212cdf25282525bf5683864b40580e56c3976464e335bcd5d737da990a4737ea4a217a494fac56868700a9db41e4af4b24dae06
SSDEEP

98304:ksqZ+pv3Tscod5DFasb/r5vGWD3EOYoHwfLk3vSmaR0+Mc4AN0edaAHDfysrTlUv:ksqZ+pLscVsb/r5vGlObAbN0

Score

10^/10

njrat hacked discovery trojan

Malware Config

Extracted

Family

njrat

Version

Njrat 0.7 Golden By Hassan Amiri

Botnet

HacKed

C2

saw-shirts.gl.at.ply.gg:4164

Mutex

Windows Update

Attributes

reg_key
Windows Update
splitter
|Hassan|

Targets

- Target
  
  Bloxstrap.exe
- Size
  
  11.2MB
- MD5
  
  29ca7831b80bf263095bb878555b5161
- SHA1
  
  7190385a69c313a6cc9d60a17434b2227d01edc3
- SHA256
  
  c32a5b371401abc7904e2bfaddc23f69ef7c8a7d40bd3e7a8f045f6de64a3201
- SHA512
  
  4c3b75db351f59a5842d6bb4d212cdf25282525bf5683864b40580e56c3976464e335bcd5d737da990a4737ea4a217a494fac56868700a9db41e4af4b24dae06
- SSDEEP
  
  98304:ksqZ+pv3Tscod5DFasb/r5vGWD3EOYoHwfLk3vSmaR0+Mc4AN0edaAHDfysrTlUv:ksqZ+pLscVsb/r5vGlObAbN0
Score

10^/10

njrat hacked discovery trojan
- Njrat family
  njrat
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- Executes dropped EXE
- Loads dropped DLL
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

njrathackeddiscoverytrojan