njrat | 3a769894ceb07a4c0e334562acc0d1c3e1523afee2b74bb8f0e794099889b379 | Triage

Sharing

General

Target

Payload.exe
Size

55KB
Sample

241203-xlbc2symbz
MD5

843cc097164266c5c152f19a41fc5be9
SHA1

21cda33595dff7a078f2a9c57ddeebc798cb18a3
SHA256

3a769894ceb07a4c0e334562acc0d1c3e1523afee2b74bb8f0e794099889b379
SHA512

0130baf712d324b65fd60ca83a6e9931ff13c1a520cc40e77ac7222da3939cd258e314a06f8294a85c6f9c693ed79231649752bf1abf8d1e5db14e39632ed915
SSDEEP

1536:BWoADn8fLNG/SbrKDD3wsNMDbXExI3pm4Nm:zADncsqbeDD3wsNMDbXExI3pm

Score

10^/10

njrat victim discovery trojan

Malware Config

Extracted

Family

njrat

Version

<- NjRAT 0.7d Horror Edition ->

Botnet

Victim

C2

cities-constraints.gl.at.ply.gg:16265

Mutex

02c50d9a6cd2748a3e6820b9ed4d22d1

Attributes

reg_key
02c50d9a6cd2748a3e6820b9ed4d22d1
splitter
Y262SUCZ4UJJ

Targets

- Target
  
  Payload.exe
- Size
  
  55KB
- MD5
  
  843cc097164266c5c152f19a41fc5be9
- SHA1
  
  21cda33595dff7a078f2a9c57ddeebc798cb18a3
- SHA256
  
  3a769894ceb07a4c0e334562acc0d1c3e1523afee2b74bb8f0e794099889b379
- SHA512
  
  0130baf712d324b65fd60ca83a6e9931ff13c1a520cc40e77ac7222da3939cd258e314a06f8294a85c6f9c693ed79231649752bf1abf8d1e5db14e39632ed915
- SSDEEP
  
  1536:BWoADn8fLNG/SbrKDD3wsNMDbXExI3pm4Nm:zADncsqbeDD3wsNMDbXExI3pm
Score

10^/10

njrat discovery trojan
- Njrat family
  njrat
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- Deletes itself
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Remote System Discovery

System Location Discovery

System Language Discovery

System Network Configuration Discovery

Internet Connection Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

njratdiscoverytrojan

behavioral2

njratdiscoverytrojan