njrat | ae7f9bb495a5054670f291e88e2a18c23e7dd8b4dc053454ec2878a68364fb30 | Triage

Sharing

General

Target

Payload.exe
Size

55KB
Sample

241203-kt8bjatnam
MD5

231a235d2b656648a1562b3ddbbd818d
SHA1

52d676b7564f6c366ce3f8bb4a87fcbef2ce1884
SHA256

ae7f9bb495a5054670f291e88e2a18c23e7dd8b4dc053454ec2878a68364fb30
SHA512

03a75527ba8a097a75ab193abb525916559253b1c151fcaa8470a2f5306335863794d32ec48e59009e865c566f147aae5c8620b2ba0264111786f6a6b26b256e
SSDEEP

1536:11YADn8fLN2/SbxRDD3wsNMD7XExI3pm7m:AADnccqbTDD3wsNMD7XExI3pm

Score

10^/10

njrat victim discovery evasion execution trojan

Malware Config

Extracted

Family

njrat

Version

<- NjRAT 0.7d Horror Edition ->

Botnet

Victim

C2

cities-constraints.gl.at.ply.gg:16265

Mutex

02c50d9a6cd2748a3e6820b9ed4d22d1

Attributes

reg_key
02c50d9a6cd2748a3e6820b9ed4d22d1
splitter
Y262SUCZ4UJJ

Targets

- Target
  
  Payload.exe
- Size
  
  55KB
- MD5
  
  231a235d2b656648a1562b3ddbbd818d
- SHA1
  
  52d676b7564f6c366ce3f8bb4a87fcbef2ce1884
- SHA256
  
  ae7f9bb495a5054670f291e88e2a18c23e7dd8b4dc053454ec2878a68364fb30
- SHA512
  
  03a75527ba8a097a75ab193abb525916559253b1c151fcaa8470a2f5306335863794d32ec48e59009e865c566f147aae5c8620b2ba0264111786f6a6b26b256e
- SSDEEP
  
  1536:11YADn8fLN2/SbxRDD3wsNMD7XExI3pm7m:AADnccqbTDD3wsNMD7XExI3pm
Score

10^/10

discovery evasion execution njrat trojan
- Njrat family
  njrat
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- Stops running service(s)
  evasion execution
- Command and Scripting Interpreter: PowerShell
  Using powershell.exe command.
  execution
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

System Services

Service Execution

Persistence

Create or Modify System Process

Windows Service

Privilege Escalation

Create or Modify System Process

Windows Service

Defense Evasion

Hide Artifacts

Hidden Files and Directories

Impair Defenses

Credential Access

Discovery

Remote System Discovery

System Location Discovery

System Language Discovery

System Network Configuration Discovery

Internet Connection Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Service Stop

Tasks

static1

behavioral1

discoveryevasionexecution

behavioral2

njratdiscoveryevasionexecutiontrojan