njrat | 6e93ed4c136f400b61c4e24df60db78ec58b51afb644ab1faffa9a956e4d5e67 | Triage

Sharing

General

Target

6e93ed4c136f400b61c4e24df60db78ec58b51afb644ab1faffa9a956e4d5e67
Size

3.2MB
Sample

250124-cnsd5avjhy
MD5

12e67ca3b7338ca19dc628fa6ebecead
SHA1

a5874df0609b1d62fda0b92cc9764020bebe8718
SHA256

6e93ed4c136f400b61c4e24df60db78ec58b51afb644ab1faffa9a956e4d5e67
SHA512

2e80ec0cdb4ea19943698367140af43baeaabb1731ca072e6a404bfea2a79794b6a5f5bc478635956086dee68c1a62e51b2ff4bc56e43956108b01b6d00a0906
SSDEEP

98304:Zviz/27qWGq/TzuqCDl2Ptao7jCP5uNNh:Zviq75/TzufrwNh

Score

10^/10

njrat hacked discovery persistence trojan

Malware Config

Extracted

Family

njrat

Version

Njrat 0.7 Golden By Hassan Amiri

Botnet

HacKed

C2

0.tcp.ngrok.io:18315

Mutex

Windows Update

Attributes

reg_key
Windows Update
splitter
|Hassan|

Targets

- Target
  
  6e93ed4c136f400b61c4e24df60db78ec58b51afb644ab1faffa9a956e4d5e67
- Size
  
  3.2MB
- MD5
  
  12e67ca3b7338ca19dc628fa6ebecead
- SHA1
  
  a5874df0609b1d62fda0b92cc9764020bebe8718
- SHA256
  
  6e93ed4c136f400b61c4e24df60db78ec58b51afb644ab1faffa9a956e4d5e67
- SHA512
  
  2e80ec0cdb4ea19943698367140af43baeaabb1731ca072e6a404bfea2a79794b6a5f5bc478635956086dee68c1a62e51b2ff4bc56e43956108b01b6d00a0906
- SSDEEP
  
  98304:Zviz/27qWGq/TzuqCDl2Ptao7jCP5uNNh:Zviq75/TzufrwNh
Score

10^/10

njrat hacked discovery persistence trojan
- Njrat family
  njrat
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Legitimate hosting services abused for malware hosting/C2
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

njrathackeddiscoverypersistencetrojan