njrat | d6a23bd5941e939de4a0a6af6bb581aefa9fff47cd3d6d5cfa3d170c3a50d389 | Triage

Sharing

General

Target

1ri6vEaZ.exe
Size

23KB
Sample

201124-5np1761t2e
MD5

14302b2f2ea63fc602a20fd8e0843a01
SHA1

4502a056326f9ee055f6d91934148a30608168b8
SHA256

d6a23bd5941e939de4a0a6af6bb581aefa9fff47cd3d6d5cfa3d170c3a50d389
SHA512

d0e953fe15254b0e94eb031e77c83c5f204c4d6278307a416e48fd489e17cf7b9cf964800456395fce54bdbd293a560f0f0bf2d306f95004c809f3ef2d850590

Score

10^/10

njrat hacked by ayouboto evasion persistence trojan

Malware Config

Extracted

Family

njrat

Version

0.7d

Botnet

HacKed by ayouboto

C2

frifra.myq-see.com:5552

Mutex

9f7aaf2b008e1c7912a43cef67198b0a

Attributes

reg_key
9f7aaf2b008e1c7912a43cef67198b0a
splitter
|'|'|

Targets

- Target
  
  1ri6vEaZ.exe
- Size
  
  23KB
- MD5
  
  14302b2f2ea63fc602a20fd8e0843a01
- SHA1
  
  4502a056326f9ee055f6d91934148a30608168b8
- SHA256
  
  d6a23bd5941e939de4a0a6af6bb581aefa9fff47cd3d6d5cfa3d170c3a50d389
- SHA512
  
  d0e953fe15254b0e94eb031e77c83c5f204c4d6278307a416e48fd489e17cf7b9cf964800456395fce54bdbd293a560f0f0bf2d306f95004c809f3ef2d850590
Score

10^/10

njrat hacked by ayouboto evasion persistence trojan
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- Executes dropped EXE
- Modifies Windows Firewall
  evasion
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

njrathacked by ayoubotoevasionpersistencetrojan

behavioral2

njrathacked by ayoubotoevasionpersistencetrojan