njrat | 7471944a136673044e47c277341a4b31d46434a433e902cb2d2bd19b1a79b845 | Triage

Submit
Reports

Overview

overview

Static

static

3

New Client.exe

windows10-2004-x64

Sharing

General

Target

New Client.exe
Size

141KB
Sample

241230-g8pwys1jhm
MD5

a5e6869cc1b826c71ef68e6ab6196606
SHA1

0185672daadea373d19fa721ec644562eba3a82e
SHA256

7471944a136673044e47c277341a4b31d46434a433e902cb2d2bd19b1a79b845
SHA512

ba558d98bcaffc4d096d8238fdb5bd30deec836f5d650eec0bf205a3f3984ee770bff921f615aa937bc85bd0376f05076178b2cd774cf27dcedb6b133447564d
SSDEEP

3072:dUJ8T2SXZyrgoBJtbN/3MCK2kevEwl/6GJHSj7ZnC3Bx0Tcnsn+Mm4:R/JdSI5ebW+z0os+X4

Score

10^/10

njrat hacked discovery persistence phishing trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

New Client.exe

Resource

win10v2004-20241007-en

njrat hacked discovery persistence phishing trojan

windows10-2004-x64

27 signatures

900 seconds

Malware Config

Extracted

Family

njrat

Version

Platinum

Botnet

HacKed

C2

127.0.0.1:10095

Mutex

discord.exe

Attributes

reg_key
discord.exe
splitter
|Ghost|

Targets

- Target
  
  New Client.exe
- Size
  
  141KB
- MD5
  
  a5e6869cc1b826c71ef68e6ab6196606
- SHA1
  
  0185672daadea373d19fa721ec644562eba3a82e
- SHA256
  
  7471944a136673044e47c277341a4b31d46434a433e902cb2d2bd19b1a79b845
- SHA512
  
  ba558d98bcaffc4d096d8238fdb5bd30deec836f5d650eec0bf205a3f3984ee770bff921f615aa937bc85bd0376f05076178b2cd774cf27dcedb6b133447564d
- SSDEEP
  
  3072:dUJ8T2SXZyrgoBJtbN/3MCK2kevEwl/6GJHSj7ZnC3Bx0Tcnsn+Mm4:R/JdSI5ebW+z0os+X4
Score

10^/10

njrat hacked discovery persistence phishing trojan
- Njrat family
  njrat
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- A potential corporate email address has been identified in the URL: [email protected]
  phishing
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Executes dropped EXE
- Adds Run key to start application
  persistence
- Legitimate hosting services abused for malware hosting/C2
- Drops file in System32 directory
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Scheduled Task

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Scheduled Task/Job

Scheduled Task

Defense Evasion

Modify Registry

Credential Access

Discovery

Browser Information Discovery

Peripheral Device Discovery

Query Registry

Remote System Discovery

System Information Discovery

System Network Configuration Discovery

Internet Connection Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

njrathackeddiscoverypersistencephishingtrojan

© 2018-2025

Terms | Privacy