njrat | 391d3357c3e07d6444f6cd189f68d748c52444c30d3dd68282c50acf62e5db72 | Triage

Sharing

General

Target

391d3357c3e07d6444f6cd189f68d748c52444c30d3dd68282c50acf62e5db72.exe
Size

209KB
Sample

250103-dyagqsxmht
MD5

c4a07f7612b822a1c6e6879ba5dcc5de
SHA1

09d44c896d14e7df8d8da0d938235ee33c9b2281
SHA256

391d3357c3e07d6444f6cd189f68d748c52444c30d3dd68282c50acf62e5db72
SHA512

27c07202d83ac4593e1f734480f735e2b4d02bac4646211756eb852267aff8c1acbe974161c93ac6baf1981ad669b5a30f4d320bc26f4f1d1e71b2ed1dc90058
SSDEEP

3072:rR2EJHNNObrQy5y6GrEHBAnpK37nX9840BQ5f74tyJhcMKNFhHF+bs5iRXr:124NMbrQy7L8c0Fpgs5iJ

Score

10^/10

njrat byabolhb trojan

Malware Config

Extracted

Family

njrat

Version

0.7d

Botnet

ByABOLHB

C2

abolhb.com:505

Mutex

165d6ed988ac

Attributes

reg_key
165d6ed988ac
splitter
|'|'|

Targets

- Target
  
  391d3357c3e07d6444f6cd189f68d748c52444c30d3dd68282c50acf62e5db72.exe
- Size
  
  209KB
- MD5
  
  c4a07f7612b822a1c6e6879ba5dcc5de
- SHA1
  
  09d44c896d14e7df8d8da0d938235ee33c9b2281
- SHA256
  
  391d3357c3e07d6444f6cd189f68d748c52444c30d3dd68282c50acf62e5db72
- SHA512
  
  27c07202d83ac4593e1f734480f735e2b4d02bac4646211756eb852267aff8c1acbe974161c93ac6baf1981ad669b5a30f4d320bc26f4f1d1e71b2ed1dc90058
- SSDEEP
  
  3072:rR2EJHNNObrQy5y6GrEHBAnpK37nX9840BQ5f74tyJhcMKNFhHF+bs5iRXr:124NMbrQy7L8c0Fpgs5iJ
Score

10^/10

njrat byabolhb trojan
- Njrat family
  njrat
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- Executes dropped EXE
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

njratbyabolhbtrojan

behavioral2

njratbyabolhbtrojan