njrat | 9b33e4cbdb866cf26e5d30d6929b86f01b21eb9e78996237565ba1e088160893 | Triage

Sharing

General

Target

6aa41422717869166e3c3fca64a6282b
Size

1.2MB
Sample

201214-qtlgsvgrke
MD5

6aa41422717869166e3c3fca64a6282b
SHA1

cda8fe84bb2841ec7e541651411228e779a81696
SHA256

9b33e4cbdb866cf26e5d30d6929b86f01b21eb9e78996237565ba1e088160893
SHA512

48e25773818f13f14f4183af0273d9ffc2254801323d4351ce5843df2dba3e926c4acc52ede87e0952e7abea27d8199c18f5a73e3e1188451f45ffe24dfffeef

Score

10^/10

njrat lammer evasion persistence trojan

Malware Config

Extracted

Family

njrat

Version

0.7d

Botnet

Lammer

C2

magraotm.ddns.net:1177

Mutex

dd3191152a7e6633d26d1d8422e4e214

Attributes

reg_key
dd3191152a7e6633d26d1d8422e4e214
splitter
|'|'|

Targets

- Target
  
  6aa41422717869166e3c3fca64a6282b
- Size
  
  1.2MB
- MD5
  
  6aa41422717869166e3c3fca64a6282b
- SHA1
  
  cda8fe84bb2841ec7e541651411228e779a81696
- SHA256
  
  9b33e4cbdb866cf26e5d30d6929b86f01b21eb9e78996237565ba1e088160893
- SHA512
  
  48e25773818f13f14f4183af0273d9ffc2254801323d4351ce5843df2dba3e926c4acc52ede87e0952e7abea27d8199c18f5a73e3e1188451f45ffe24dfffeef
Score

10^/10

njrat lammer evasion persistence trojan
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- Executes dropped EXE
- Modifies Windows Firewall
  evasion
- Drops startup file
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Install Root Certificate

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

njratlammerevasionpersistencetrojan

behavioral2

njratlammerevasionpersistencetrojan