njrat | 7a6edc6b74d76e1408b04cb2ed4a68cdd1d453c8ffeba1c9738104b9ce396ebe | Triage

Sharing

General

Target

Payload.exe
Size

55KB
Sample

250114-qnnyla1mfk
MD5

02210e013d0b6d534781137224af1e60
SHA1

fe0e9c461fc8a1d7399348f28f40c8910b203300
SHA256

7a6edc6b74d76e1408b04cb2ed4a68cdd1d453c8ffeba1c9738104b9ce396ebe
SHA512

8709143e7084c00dbaadcdeb4606cefb2b52076126e08731c032675ca4f87d8be3cc2fbbd5967d4331971d71ad80cc185faf5e018b36562afb374575d1dfe551
SSDEEP

1536:pwws4DnAN7jytFADKwsNMDUXExI3pmfm:mT4DnA2PADKwsNMDUXExI3pm

Score

10^/10

njrat victim discovery trojan

Malware Config

Extracted

Family

njrat

Version

<- NjRAT 0.7d Horror Edition ->

Botnet

Victim

C2

2.tcp.eu.ngrok.io:18768

Mutex

a5b0f3cbb775d9991f0afd56ded86e2d

Attributes

reg_key
a5b0f3cbb775d9991f0afd56ded86e2d
splitter
Y262SUCZ4UJJ

Targets

- Target
  
  Payload.exe
- Size
  
  55KB
- MD5
  
  02210e013d0b6d534781137224af1e60
- SHA1
  
  fe0e9c461fc8a1d7399348f28f40c8910b203300
- SHA256
  
  7a6edc6b74d76e1408b04cb2ed4a68cdd1d453c8ffeba1c9738104b9ce396ebe
- SHA512
  
  8709143e7084c00dbaadcdeb4606cefb2b52076126e08731c032675ca4f87d8be3cc2fbbd5967d4331971d71ad80cc185faf5e018b36562afb374575d1dfe551
- SSDEEP
  
  1536:pwws4DnAN7jytFADKwsNMDUXExI3pmfm:mT4DnA2PADKwsNMDUXExI3pm
Score

10^/10

njrat discovery trojan
- Njrat family
  njrat
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- Legitimate hosting services abused for malware hosting/C2
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

njratdiscoverytrojan

behavioral2

njratdiscoverytrojan