njrat | 80d3111f1d2a8b8abeab866363fa944ca8327bc68c31fc411f2728ba25fd413f | Triage

Sharing

General

Target

80d3111f1d2a8b8abeab866363fa944ca8327bc68c31fc411f2728ba25fd413f
Size

65KB
Sample

250302-h18jrsywcz
MD5

bcd56158bda3323e40fcde7bae0b7871
SHA1

2dedf18494275389933df6179985aafcbfa3b87b
SHA256

80d3111f1d2a8b8abeab866363fa944ca8327bc68c31fc411f2728ba25fd413f
SHA512

8ff3e9b0d3148320937cf483dd2bad549bc46adf8a78b0e205ab2ef1d3abd82ddef535b68549abfc54057e5b6b4e4d29858013f1703ae184aedba8764c2cf45b
SSDEEP

1536:tC7IM0oN36tWQviFw1kJfHiBnvbcfLteF3nLrB9z3nKaF9biS9vM:tsIM0oN36tWQviFCkdCBnwfWl9zaaF9W

Score

10^/10

njrat hacked discovery persistence

Malware Config

Extracted

Family

njrat

Version

Platinum

Botnet

HacKed

C2

127.0.0.1:12345

Mutex

Client.exe

Attributes

reg_key
Client.exe
splitter
|Ghost|

Targets

- Target
  
  80d3111f1d2a8b8abeab866363fa944ca8327bc68c31fc411f2728ba25fd413f
- Size
  
  65KB
- MD5
  
  bcd56158bda3323e40fcde7bae0b7871
- SHA1
  
  2dedf18494275389933df6179985aafcbfa3b87b
- SHA256
  
  80d3111f1d2a8b8abeab866363fa944ca8327bc68c31fc411f2728ba25fd413f
- SHA512
  
  8ff3e9b0d3148320937cf483dd2bad549bc46adf8a78b0e205ab2ef1d3abd82ddef535b68549abfc54057e5b6b4e4d29858013f1703ae184aedba8764c2cf45b
- SSDEEP
  
  1536:tC7IM0oN36tWQviFw1kJfHiBnvbcfLteF3nLrB9z3nKaF9biS9vM:tsIM0oN36tWQviFCkdCBnwfWl9zaaF9W
Score

7^/10

discovery persistence
- Drops startup file
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoverypersistence

behavioral2

discoverypersistence