njrat | 881e24b6b76ee059f9c6014daa91180cd1b7a7ab9708dbfe08ae6adf7094df98 | Triage

Sharing

General

Target

52.exe
Size

71KB
Sample

250123-tdpnxswmel
MD5

e26b3b024819700a921a740c183e8a56
SHA1

cd00c8a74001bbbc6f73cc3a7186a0f9a4b87269
SHA256

881e24b6b76ee059f9c6014daa91180cd1b7a7ab9708dbfe08ae6adf7094df98
SHA512

6b7e58febaf029f7834bda01c17296a4b6c005fd5231609299764fc029f9d0379a211bad4cf568529a9d9b22f48bb4d602e932707f6034dd902b5d698b96d8a1
SSDEEP

1536:IeFWP8F/VSYodSnqMlUzrZf2F0iZuM9SIftUEhT04GNrztiBVXiKMt9PMrYaF9bp:phN0rJIfbT04xX/q9PnaF9b1

Score

10^/10

njrat victim discovery trojan

Malware Config

Extracted

Family

njrat

Version

Platinum

Botnet

Victim

C2

http://pastebin.com/raw/V0VwSRaW:88

Mutex

svchost.exe

Attributes

reg_key
svchost.exe
splitter
|Ghost|

Targets

- Target
  
  52.exe
- Size
  
  71KB
- MD5
  
  e26b3b024819700a921a740c183e8a56
- SHA1
  
  cd00c8a74001bbbc6f73cc3a7186a0f9a4b87269
- SHA256
  
  881e24b6b76ee059f9c6014daa91180cd1b7a7ab9708dbfe08ae6adf7094df98
- SHA512
  
  6b7e58febaf029f7834bda01c17296a4b6c005fd5231609299764fc029f9d0379a211bad4cf568529a9d9b22f48bb4d602e932707f6034dd902b5d698b96d8a1
- SSDEEP
  
  1536:IeFWP8F/VSYodSnqMlUzrZf2F0iZuM9SIftUEhT04GNrztiBVXiKMt9PMrYaF9bp:phN0rJIfbT04xX/q9PnaF9b1
Score

10^/10

njrat victim discovery trojan
- Njrat family
  njrat
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- Legitimate hosting services abused for malware hosting/C2
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

njratvictimdiscoverytrojan