njrat | a3cadd3c7b8eef38c0b512960c50a15957b6d443a4bda2023f975ad3a39db30e | Triage

Sharing

General

Target

Payload.exe
Size

55KB
Sample

241202-1dvy9szldl
MD5

e78b361c762a3593d0a8793ea238bab9
SHA1

d805c5466d79292a0654898d20efa755036efa20
SHA256

a3cadd3c7b8eef38c0b512960c50a15957b6d443a4bda2023f975ad3a39db30e
SHA512

e263f560c8855967ca537b0d1b972106cce95459cfcf5c47eec9ac049c4a1f4d0568e25a8d22a6514b52bb3f84503db3bd41f42d90ae6de045b11393fccc76d8
SSDEEP

1536:O68oDnb4DNA7SQJHDrwsNMD+XExI3pmom:SoDnEmO2HDrwsNMD+XExI3pm

Score

10^/10

njrat victim discovery evasion execution trojan

Malware Config

Extracted

Family

njrat

Version

<- NjRAT 0.7d Horror Edition ->

Botnet

Victim

C2

cnet-contracting.gl.at.ply.gg:10206

Mutex

578c40e26a890cb6801040b7382c8b97

Attributes

reg_key
578c40e26a890cb6801040b7382c8b97
splitter
Y262SUCZ4UJJ

Targets

- Target
  
  Payload.exe
- Size
  
  55KB
- MD5
  
  e78b361c762a3593d0a8793ea238bab9
- SHA1
  
  d805c5466d79292a0654898d20efa755036efa20
- SHA256
  
  a3cadd3c7b8eef38c0b512960c50a15957b6d443a4bda2023f975ad3a39db30e
- SHA512
  
  e263f560c8855967ca537b0d1b972106cce95459cfcf5c47eec9ac049c4a1f4d0568e25a8d22a6514b52bb3f84503db3bd41f42d90ae6de045b11393fccc76d8
- SSDEEP
  
  1536:O68oDnb4DNA7SQJHDrwsNMD+XExI3pmom:SoDnEmO2HDrwsNMD+XExI3pm
Score

10^/10

njrat discovery evasion execution trojan
- Njrat family
  njrat
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- Stops running service(s)
  evasion execution
- Command and Scripting Interpreter: PowerShell
  Using powershell.exe command.
  execution
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

System Services

Service Execution

Persistence

Create or Modify System Process

Windows Service

Privilege Escalation

Create or Modify System Process

Windows Service

Defense Evasion

Hide Artifacts

Hidden Files and Directories

Impair Defenses

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Service Stop

Tasks

static1

behavioral1

njratdiscoveryevasionexecutiontrojan