njrat | 8e9b72f5c85f33855d55ba43828a9eb6747a20c269fd2f0a3e8e79927adcc644 | Triage

Resubmissions

31/03/2025, 01:21

250331-bqtvaszyhx 10

31/03/2025, 01:18

250331-bn4xgszydt 10

31/03/2025, 01:17

250331-bnwwwasqv7 10

29/03/2025, 14:30

250329-rveh6swqw4 10

Sharing

General

Target

jjexploer.exe
Size

25KB
Sample

250329-rveh6swqw4
MD5

48f18e8a6a3f9b0f948b0e11e736f9e5
SHA1

643cec64499163563d018edbece54075c13e7cc3
SHA256

8e9b72f5c85f33855d55ba43828a9eb6747a20c269fd2f0a3e8e79927adcc644
SHA512

110a9e9bae0e4d527c6f8e5c9958aff8a13db398f0b18a727e28d69fa30d0bd759033f8efcbb59b11c2c1816b2cb17c43b7453244a198c217aa48cced0088d7b
SSDEEP

768:svpoyEEfxcQ4UBPq9lzcdaxfvM/r7yPV6U6m:QoyhuLUIjzgCfvM/r7yH6m

Score

10^/10

njrat svhost.exe persistence trojan

Malware Config

Extracted

Family

njrat

Version

Njrat 0.7 Golden By Hassan Amiri

Botnet

svhost.exe

C2

animal-premium.gl.at.ply.gg:16843

Mutex

Update

Attributes

reg_key
Update
splitter
|Hassan|

Targets

- Target
  
  jjexploer.exe
- Size
  
  25KB
- MD5
  
  48f18e8a6a3f9b0f948b0e11e736f9e5
- SHA1
  
  643cec64499163563d018edbece54075c13e7cc3
- SHA256
  
  8e9b72f5c85f33855d55ba43828a9eb6747a20c269fd2f0a3e8e79927adcc644
- SHA512
  
  110a9e9bae0e4d527c6f8e5c9958aff8a13db398f0b18a727e28d69fa30d0bd759033f8efcbb59b11c2c1816b2cb17c43b7453244a198c217aa48cced0088d7b
- SSDEEP
  
  768:svpoyEEfxcQ4UBPq9lzcdaxfvM/r7yPV6U6m:QoyhuLUIjzgCfvM/r7yH6m
Score

10^/10

njrat svhost.exe persistence trojan
- Njrat family
  njrat
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Executes dropped EXE
- Adds Run key to start application
  persistence
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Scheduled Task

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Scheduled Task/Job

Scheduled Task

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

njratsvhost.exepersistencetrojan