njrat | 83824af1f1d435ba9c33af4216a9877cb3cc4c750e6588aa6adde447cedcf656 | Triage

Sharing

General

Target

1917739297383bb37d4f159e8540b70b.bin
Size

17KB
Sample

241230-bgkj9sspdl
MD5

aa896a91e05f44914f4071c18576baec
SHA1

034a070118a6a0aede39b20d17b94d2681397bd2
SHA256

83824af1f1d435ba9c33af4216a9877cb3cc4c750e6588aa6adde447cedcf656
SHA512

9feae1627bb804bedc3bce46d5593ceac5ba25b380429c3b162fc2eebd44abb026c43ab1c9892396129e2a2edac8139df28d1d7e8e83a0a6a950a05a281ec6c4
SSDEEP

192:pF6txlp/4KT4/9ylSXOkxtkb7JAU7mwylUjnnIj0UTd1L3A+E8E2DGAqr2R3vSRC:o4KJuxtcmP6nwEaDGAqrAKQkCBu7Pg

Score

10^/10

njrat hacked discovery persistence trojan

Malware Config

Extracted

Family

njrat

Version

Njrat 0.7 Golden By Hassan Amiri

Botnet

HacKed

C2

2.tcp.eu.ngrok.io:11048

Mutex

Windows Update

Attributes

reg_key
Windows Update
splitter
|Hassan|

Targets

- Target
  
  431e12f989dd7a4c9d8235f4fa9f3e026a4b55921aa2fb4942563f857681f06c.exe
- Size
  
  43KB
- MD5
  
  1917739297383bb37d4f159e8540b70b
- SHA1
  
  12447834e3ce0745f5756f492aee4487c6c1cef4
- SHA256
  
  431e12f989dd7a4c9d8235f4fa9f3e026a4b55921aa2fb4942563f857681f06c
- SHA512
  
  7c8b032480dd4e9d972eceb1e1dc354ce5be2c66d777a12a45e267220e5ab601cbfc95d724379a903f59cdc39265a2e62e3d1a9fa66fbe4d8d71c0fa736489c5
- SSDEEP
  
  384:HZyGdElQ5GoyyBrlr0DiEuEe83H/zIIij+ZsNO3PlpJKkkjh/TzF7pWnI/greT0k:5gmolyBr907NRuXQ/o1/+L
Score

10^/10

njrat hacked discovery persistence trojan
- Njrat family
  njrat
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Legitimate hosting services abused for malware hosting/C2
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Scheduled Task

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Scheduled Task/Job

Scheduled Task

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

njrathackeddiscoverypersistencetrojan

behavioral2

njrathackeddiscoverypersistencetrojan