njrat | 0cf5a7646bb4033425811d5d0a1432d229c87e4850228be4ca5493fcaf2c0c3a | Triage

Sharing

General

Target

Vrz7skDd.exe
Size

23KB
Sample

201223-zdh2c8yfg2
MD5

d53632afb8714caff16ff790a2799cd4
SHA1

2b156be1603ee3f615d3727c6d28d30b44821869
SHA256

0cf5a7646bb4033425811d5d0a1432d229c87e4850228be4ca5493fcaf2c0c3a
SHA512

97f2dbb993100d414de977f1bbed851acec1d766f2593038f926f11d3d1d75d82ef6fda136feb12392023defe5c5abc991037900d8101a29f68c11db9a074012

Score

10^/10

njrat ابن سوريا a_b_n_syria evasion persistence trojan

Malware Config

Extracted

Family

njrat

Version

0.7d

Botnet

ابن سوريا A_B_N_SYRIA

C2

xoruf.ddns.net:5552

Mutex

5e3a65ea61324e81c313ed04d0316f69

Attributes

reg_key
5e3a65ea61324e81c313ed04d0316f69
splitter
@!#&^%$

Targets

- Target
  
  Vrz7skDd.exe
- Size
  
  23KB
- MD5
  
  d53632afb8714caff16ff790a2799cd4
- SHA1
  
  2b156be1603ee3f615d3727c6d28d30b44821869
- SHA256
  
  0cf5a7646bb4033425811d5d0a1432d229c87e4850228be4ca5493fcaf2c0c3a
- SHA512
  
  97f2dbb993100d414de977f1bbed851acec1d766f2593038f926f11d3d1d75d82ef6fda136feb12392023defe5c5abc991037900d8101a29f68c11db9a074012
Score

10^/10

njrat ابن سوريا a_b_n_syria evasion persistence trojan
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- Executes dropped EXE
- Modifies Windows Firewall
  evasion
- Drops startup file
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

njratابن سوريا a_b_n_syriaevasionpersistencetrojan

behavioral2

njratابن سوريا a_b_n_syriaevasionpersistencetrojan