njrat | 56baefa1714681b34047b80ba4fe073084a9a23c9317a4d23e24c472384d7eb4 | Triage

Sharing

General

Target

56baefa1714681b34047b80ba4fe073084a9a23c9317a4d23e24c472384d7eb4N.exe
Size

39KB
Sample

250205-ets9qa1jhn
MD5

e72719029d1131e178d63e7591086f10
SHA1

60a771314435505d4395ed3928283e902cf6d8a3
SHA256

56baefa1714681b34047b80ba4fe073084a9a23c9317a4d23e24c472384d7eb4
SHA512

969979ada1a12e6b3541cee3c5427a8967867d0e0eebc790c169bcac46cab545c2d1f8307eb2c7ba7c89e8e8d0b75f8a570916a4920ac450ba0a0e7104773300
SSDEEP

768:VvAmeTEwwQWpZ/s50OdUZGUOkNNZ0JEyK08WT50UvY2:iBAB1sN4pNgSyTBXl

Score

10^/10

njrat hacked persistence trojan

Malware Config

Extracted

Family

njrat

Version

Platinum

Botnet

HacKed

C2

127.0.0.1:4444

Mutex

rshgfdgrarsft.exe

Attributes

reg_key
rshgfdgrarsft.exe
splitter
|Ghost|

Targets

- Target
  
  56baefa1714681b34047b80ba4fe073084a9a23c9317a4d23e24c472384d7eb4N.exe
- Size
  
  39KB
- MD5
  
  e72719029d1131e178d63e7591086f10
- SHA1
  
  60a771314435505d4395ed3928283e902cf6d8a3
- SHA256
  
  56baefa1714681b34047b80ba4fe073084a9a23c9317a4d23e24c472384d7eb4
- SHA512
  
  969979ada1a12e6b3541cee3c5427a8967867d0e0eebc790c169bcac46cab545c2d1f8307eb2c7ba7c89e8e8d0b75f8a570916a4920ac450ba0a0e7104773300
- SSDEEP
  
  768:VvAmeTEwwQWpZ/s50OdUZGUOkNNZ0JEyK08WT50UvY2:iBAB1sN4pNgSyTBXl
Score

10^/10

njrat hacked persistence trojan
- Njrat family
  njrat
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- Deletes itself
- Drops startup file
- Executes dropped EXE
- Adds Run key to start application
  persistence
- Legitimate hosting services abused for malware hosting/C2
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

njrathackedpersistencetrojan

behavioral2

njrathackedtrojan