njrat | 697a03588c4aa24e8b85ce0c55277d9ae65bf1b455125ecef64a83a3920449ef | Triage

Sharing

General

Target

697a03588c4aa24e8b85ce0c55277d9ae65bf1b455125ecef64a83a3920449ef
Size

23KB
Sample

210228-35ltbrmthe
MD5

01d11cfd0296189005cd28010bea8997
SHA1

0b7eaab6ca85b0aea9ac059041ea3288221862d8
SHA256

697a03588c4aa24e8b85ce0c55277d9ae65bf1b455125ecef64a83a3920449ef
SHA512

a5b2676a60ae68e1f3729f4af092ac41e4f3edc288e53172f66a4b669f451619130978028c14436cd86d218ef46c79c4317d3b9cf873817d6b659778ddd42a3c

Score

10^/10

njrat wirelesskey evasion persistence trojan

Malware Config

Extracted

Family

njrat

Version

0.7d

Botnet

WirelessKey

C2

552020.ddns.net:5552

Mutex

52848614b130542748d8bc2310e8563e

Attributes

reg_key
52848614b130542748d8bc2310e8563e
splitter
|'|'|

Targets

- Target
  
  697a03588c4aa24e8b85ce0c55277d9ae65bf1b455125ecef64a83a3920449ef
- Size
  
  23KB
- MD5
  
  01d11cfd0296189005cd28010bea8997
- SHA1
  
  0b7eaab6ca85b0aea9ac059041ea3288221862d8
- SHA256
  
  697a03588c4aa24e8b85ce0c55277d9ae65bf1b455125ecef64a83a3920449ef
- SHA512
  
  a5b2676a60ae68e1f3729f4af092ac41e4f3edc288e53172f66a4b669f451619130978028c14436cd86d218ef46c79c4317d3b9cf873817d6b659778ddd42a3c
Score

10^/10

njrat wirelesskey evasion persistence trojan
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- Executes dropped EXE
- Modifies Windows Firewall
  evasion
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

njratwirelesskeyevasionpersistencetrojan

behavioral2

njratwirelesskeyevasionpersistencetrojan