njrat | 549a4bc7d1952189ee961ea96a4b6e936d3c1ebe2303bc3ef8a8dff200600b92 | Triage

Sharing

General

Target

549a4bc7d1952189ee961ea96a4b6e936d3c1ebe2303bc3ef8a8dff200600b92N.exe
Size

71KB
Sample

250124-m1mphsvmhs
MD5

5715b6cce13bf186a655c5aa14df2100
SHA1

d6d7747a90222e87020ebeff55afefdebde46ebe
SHA256

549a4bc7d1952189ee961ea96a4b6e936d3c1ebe2303bc3ef8a8dff200600b92
SHA512

7945e9318809ba5700965ccbf2172f804546204d45f627c695e0b3abaa3f47e3684b0406eb7f477851763f22fabb1fa0a79c449fe8c92d513050a2a099b8ca19
SSDEEP

1536:KFBwImo1lyoWSlqejUiX5f2F0iZ+J9QLXHQ/HVM4brcJtiBfKMt9PMlAaF9bC1:zTOXWLX2VM4iq9PhaF9bC

Score

10^/10

njrat victim discovery trojan

Malware Config

Extracted

Family

njrat

Version

Platinum

Botnet

Victim

C2

kgbhostpro.duckdns.org:963

Mutex

svchost.exe

Attributes

reg_key
svchost.exe
splitter
|Ghost|

Targets

- Target
  
  549a4bc7d1952189ee961ea96a4b6e936d3c1ebe2303bc3ef8a8dff200600b92N.exe
- Size
  
  71KB
- MD5
  
  5715b6cce13bf186a655c5aa14df2100
- SHA1
  
  d6d7747a90222e87020ebeff55afefdebde46ebe
- SHA256
  
  549a4bc7d1952189ee961ea96a4b6e936d3c1ebe2303bc3ef8a8dff200600b92
- SHA512
  
  7945e9318809ba5700965ccbf2172f804546204d45f627c695e0b3abaa3f47e3684b0406eb7f477851763f22fabb1fa0a79c449fe8c92d513050a2a099b8ca19
- SSDEEP
  
  1536:KFBwImo1lyoWSlqejUiX5f2F0iZ+J9QLXHQ/HVM4brcJtiBfKMt9PMlAaF9bC1:zTOXWLX2VM4iq9PhaF9bC
Score

10^/10

njrat victim discovery trojan
- Njrat family
  njrat
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

njratvictimdiscoverytrojan

behavioral2

njratvictimdiscoverytrojan