njrat | 9f85eb5b1e7b261c9a7a1cd793badff334e84942ed652f09a0fc7d83008fe621 | Triage

Submit
Reports

Overview

overview

Static

static

c5e2d8b234...5c.exe

windows7_x64

c5e2d8b234...5c.exe

windows10_x64

Sharing

General

Target

c5e2d8b234f4c2b2db29eba11e18a75c
Size

388KB
Sample

201214-s6ln2kcns6
MD5

c5e2d8b234f4c2b2db29eba11e18a75c
SHA1

6c88462bf8c577b1a6fc304f2724491736b56be5
SHA256

9f85eb5b1e7b261c9a7a1cd793badff334e84942ed652f09a0fc7d83008fe621
SHA512

dab93f487e09c14aaed8f32814d94dfbac9fa9e1d076d730337ab3379058b0bdd012a86219146010e6060eab77b654a8815208a0d027e1cbb3b25b62876f5fa7

Score

10^/10

njrat hacked evasion persistence trojan

Static task

static1

Behavioral task

behavioral1

Sample

c5e2d8b234f4c2b2db29eba11e18a75c.exe

Resource

win7v20201028

njrat hacked evasion persistence trojan

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

c5e2d8b234f4c2b2db29eba11e18a75c.exe

Resource

win10v20201028

njrat hacked evasion persistence trojan

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

njrat

Version

0.7d

Botnet

HacKed

C2

karamnaser321.ddns.net:1177

Mutex

0518517d1f621a093c3997945c521862

Attributes

reg_key
0518517d1f621a093c3997945c521862
splitter
|'|'|

Targets

- Target
  
  c5e2d8b234f4c2b2db29eba11e18a75c
- Size
  
  388KB
- MD5
  
  c5e2d8b234f4c2b2db29eba11e18a75c
- SHA1
  
  6c88462bf8c577b1a6fc304f2724491736b56be5
- SHA256
  
  9f85eb5b1e7b261c9a7a1cd793badff334e84942ed652f09a0fc7d83008fe621
- SHA512
  
  dab93f487e09c14aaed8f32814d94dfbac9fa9e1d076d730337ab3379058b0bdd012a86219146010e6060eab77b654a8815208a0d027e1cbb3b25b62876f5fa7
Score

10^/10

njrat hacked evasion persistence trojan
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- Executes dropped EXE
- Modifies Windows Firewall
  evasion
- Drops startup file
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

System Information Discovery

Query Registry

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

njrathackedevasionpersistencetrojan

behavioral2

njrathackedevasionpersistencetrojan

© 2018-2024

Terms | Privacy