njrat | 683987dc12a8cffcfa59ca6dbc50bfd0695252527ab6be83a35ea6c25a34c36f | Triage

Sharing

General

Target

683987dc12a8cffcfa59ca6dbc50bfd0695252527ab6be83a35ea6c25a34c36f.exe
Size

43KB
Sample

250101-qc2qbayjbq
MD5

0688d33b45b1191af2dd7d59826cc154
SHA1

0491bce21d65f791ccc9c2bece5da1eaef39b07a
SHA256

683987dc12a8cffcfa59ca6dbc50bfd0695252527ab6be83a35ea6c25a34c36f
SHA512

c6426f6ec916c7a3e8f7cc57a748246c5a5676fc8bd6df5f422d6799790c915a0337cd8958769de279ca6ee8a68981d4ae5af96bf0105d797e42cd6928ac91d5
SSDEEP

384:PZyt4DgolYxOoyi08Hyf2ASEN8MFQPzgIij+ZsNO3PlpJKkkjh/TzF7pWn4/grez:xsouIli04kDP8qwuXQ/oF/+LU

Score

10^/10

njrat hacked discovery persistence trojan

Malware Config

Extracted

Family

njrat

Version

Njrat 0.7 Golden By Hassan Amiri

Botnet

HacKed

C2

95.79.32.220:28015

Mutex

Windows Update

Attributes

reg_key
Windows Update
splitter
|Hassan|

Targets

- Target
  
  683987dc12a8cffcfa59ca6dbc50bfd0695252527ab6be83a35ea6c25a34c36f.exe
- Size
  
  43KB
- MD5
  
  0688d33b45b1191af2dd7d59826cc154
- SHA1
  
  0491bce21d65f791ccc9c2bece5da1eaef39b07a
- SHA256
  
  683987dc12a8cffcfa59ca6dbc50bfd0695252527ab6be83a35ea6c25a34c36f
- SHA512
  
  c6426f6ec916c7a3e8f7cc57a748246c5a5676fc8bd6df5f422d6799790c915a0337cd8958769de279ca6ee8a68981d4ae5af96bf0105d797e42cd6928ac91d5
- SSDEEP
  
  384:PZyt4DgolYxOoyi08Hyf2ASEN8MFQPzgIij+ZsNO3PlpJKkkjh/TzF7pWn4/grez:xsouIli04kDP8qwuXQ/oF/+LU
Score

10^/10

njrat hacked discovery persistence trojan
- Njrat family
  njrat
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- Drops startup file
- Executes dropped EXE
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Scheduled Task

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Scheduled Task/Job

Scheduled Task

Defense Evasion

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

njrathackeddiscoverypersistencetrojan

behavioral2

njrathackeddiscoverypersistencetrojan