njrat | 3498eee678023c712879dcbfc117b9c600001eb01a9a1c77f7a6a1b71ae4bfbe | Triage

Sharing

General

Target

Payload.exe
Size

54KB
Sample

250324-arrkwsvms6
MD5

5fb47c7a1086f6280cdb8090c59333bc
SHA1

d4b43a6354f5408bbabbb5efd0dbae20a92fd8ac
SHA256

3498eee678023c712879dcbfc117b9c600001eb01a9a1c77f7a6a1b71ae4bfbe
SHA512

ae84d58639c0a2f3632497272b72a759d050be0e321471d158df1e9cc7b1365be10c6aa495f2aedc194dc561dec1b214e7a5a59e41faf55f05dc8cc7ffce3862
SSDEEP

768:KyAXUCTZPr2EsltNtNX0UL3msJSN3xWQG35bmaePD5PvS2XXJdxIEpmfg:KyyThGtNtrL/GBWQcGDtX3xIEpmfg

Score

10^/10

njrat victim discovery trojan

Malware Config

Extracted

Family

njrat

Version

<- NjRAT 0.7d Horror Edition ->

Botnet

Victim

C2

nickiwhicki-39201.portmap.host:39201

Mutex

2819883ce9929d6f93eae4f3b4a4bb7d

Attributes

reg_key
2819883ce9929d6f93eae4f3b4a4bb7d
splitter
Y262SUCZ4UJJ

Targets

- Target
  
  Payload.exe
- Size
  
  54KB
- MD5
  
  5fb47c7a1086f6280cdb8090c59333bc
- SHA1
  
  d4b43a6354f5408bbabbb5efd0dbae20a92fd8ac
- SHA256
  
  3498eee678023c712879dcbfc117b9c600001eb01a9a1c77f7a6a1b71ae4bfbe
- SHA512
  
  ae84d58639c0a2f3632497272b72a759d050be0e321471d158df1e9cc7b1365be10c6aa495f2aedc194dc561dec1b214e7a5a59e41faf55f05dc8cc7ffce3862
- SSDEEP
  
  768:KyAXUCTZPr2EsltNtNX0UL3msJSN3xWQG35bmaePD5PvS2XXJdxIEpmfg:KyyThGtNtrL/GBWQcGDtX3xIEpmfg
Score

10^/10

njrat discovery trojan
- Njrat family
  njrat
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

njratdiscoverytrojan

behavioral2

njratdiscoverytrojan