njrat | 20c49b95bdc74a3525446fdc3ccb4c8aa81146bb3455a567d547f3ad3150930a | Triage

Sharing

General

Target

HFHHzjDb.exe
Size

23KB
Sample

201126-6wblnyjes2
MD5

e46af2bdd1dce6e3057ed0620e9258e9
SHA1

6da0c9a047e7525624d75eab49f2805fd8d1c9b5
SHA256

20c49b95bdc74a3525446fdc3ccb4c8aa81146bb3455a567d547f3ad3150930a
SHA512

6c77386418eecaf28869dbc4610cebdd6e9960c1064fd4bd272db63c1b31d3187e64dc763a1417f6cbc3eb6cf0c17b7db0440c12124a360466384790fdf346f4

Score

10^/10

njrat hacked by ayouboto evasion persistence trojan

Malware Config

Extracted

Family

njrat

Version

0.7d

Botnet

HacKed by ayouboto

C2

frifra.myq-see.com:5552

Mutex

9f7aaf2b008e1c7912a43cef67198b0a

Attributes

reg_key
9f7aaf2b008e1c7912a43cef67198b0a
splitter
|'|'|

Targets

- Target
  
  HFHHzjDb.exe
- Size
  
  23KB
- MD5
  
  e46af2bdd1dce6e3057ed0620e9258e9
- SHA1
  
  6da0c9a047e7525624d75eab49f2805fd8d1c9b5
- SHA256
  
  20c49b95bdc74a3525446fdc3ccb4c8aa81146bb3455a567d547f3ad3150930a
- SHA512
  
  6c77386418eecaf28869dbc4610cebdd6e9960c1064fd4bd272db63c1b31d3187e64dc763a1417f6cbc3eb6cf0c17b7db0440c12124a360466384790fdf346f4
Score

10^/10

njrat hacked by ayouboto evasion persistence trojan
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- Executes dropped EXE
- Modifies Windows Firewall
  evasion
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

njrathacked by ayoubotoevasionpersistencetrojan

behavioral2

njrathacked by ayoubotoevasionpersistencetrojan