njrat | 9f911e2c601c0a12643e03b4f48a59be062466246cc840970053c204454f4c15 | Triage

Sharing

General

Target

3194b4e3ba26b850910668cb548c7aee
Size

23KB
Sample

201214-d98rkvh8x6
MD5

3194b4e3ba26b850910668cb548c7aee
SHA1

4e1f903503b6bb1f74f80b8a11c2fd258f70e87e
SHA256

9f911e2c601c0a12643e03b4f48a59be062466246cc840970053c204454f4c15
SHA512

b5f4671f848a799c0a990d8d36f32fae6e3ba872f20bf89b9b5edf13828b3e8d5875d8de04d9722156f978b6ec19e642abf0df430b8cdc5826a2daaf4a9180f4

Score

10^/10

njrat evasion persistence trojan

Malware Config

Targets

- Target
  
  3194b4e3ba26b850910668cb548c7aee
- Size
  
  23KB
- MD5
  
  3194b4e3ba26b850910668cb548c7aee
- SHA1
  
  4e1f903503b6bb1f74f80b8a11c2fd258f70e87e
- SHA256
  
  9f911e2c601c0a12643e03b4f48a59be062466246cc840970053c204454f4c15
- SHA512
  
  b5f4671f848a799c0a990d8d36f32fae6e3ba872f20bf89b9b5edf13828b3e8d5875d8de04d9722156f978b6ec19e642abf0df430b8cdc5826a2daaf4a9180f4
Score

10^/10

njrat evasion persistence trojan
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- Modifies Windows Firewall
  evasion
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

njratevasionpersistencetrojan

behavioral2

njratevasionpersistencetrojan