njrat | 7ca1684c5b58b0ee2dcecc5b89e14170dde029855223dc79f1035da1a1345882 | Triage

Sharing

General

Target

7ca1684c5b58b0ee2dcecc5b89e14170dde029855223dc79f1035da1a1345882
Size

323KB
Sample

210228-st23w6y8v6
MD5

3065acf0e5b06d1bbdccd15bc48aa2eb
SHA1

305b1629af0ad56bc8bf6584530f624a0868cc54
SHA256

7ca1684c5b58b0ee2dcecc5b89e14170dde029855223dc79f1035da1a1345882
SHA512

108ea1085afb046a8f0515ddc55bc3a3b4b604db75540761d94cd045b57dc8f461819e39f9a81ea3b1128b670d985029b1c8e49dd17fc69add839b89cfee219b

Score

10^/10

njrat evasion persistence trojan

Malware Config

Targets

- Target
  
  7ca1684c5b58b0ee2dcecc5b89e14170dde029855223dc79f1035da1a1345882
- Size
  
  323KB
- MD5
  
  3065acf0e5b06d1bbdccd15bc48aa2eb
- SHA1
  
  305b1629af0ad56bc8bf6584530f624a0868cc54
- SHA256
  
  7ca1684c5b58b0ee2dcecc5b89e14170dde029855223dc79f1035da1a1345882
- SHA512
  
  108ea1085afb046a8f0515ddc55bc3a3b4b604db75540761d94cd045b57dc8f461819e39f9a81ea3b1128b670d985029b1c8e49dd17fc69add839b89cfee219b
Score

10^/10

njrat evasion persistence trojan
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- Executes dropped EXE
- Modifies Windows Firewall
  evasion
- Drops startup file
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

njratevasionpersistencetrojan

behavioral2

njratevasionpersistencetrojan