njrat | e5c6e43357be6817d7d2c149a28c8b08c1b0013d84a69823f347192f28cabde0 | Triage

Sharing

General

Target

e5c6e43357be6817d7d2c149a28c8b08c1b0013d84a69823f347192f28cabde0
Size

36KB
Sample

210228-y5xnpxbr5j
MD5

973abcd7298bb16fe8cc6a959ceffc40
SHA1

17051bb623dd832f113ce76a1ae0b246e4e535b7
SHA256

e5c6e43357be6817d7d2c149a28c8b08c1b0013d84a69823f347192f28cabde0
SHA512

9b4f5cfd592a320a3415438ee9c7ac5e891a58bc5b512f4abee8c2cce1ecc3279cdeb64733ce2e80edf5ed85b0c90b25a691851e8ea3b32e4b76c8eca1ec51d7

Score

10^/10

njrat hacked by indoxploit evasion persistence trojan

Malware Config

Extracted

Family

njrat

Version

0.7d

Botnet

HacKed By IndoXploiT

C2

maqlogeming.hopto.org:1177

Mutex

42e7842c7ff092fc55317a46a6424bb8

Attributes

reg_key
42e7842c7ff092fc55317a46a6424bb8
splitter
|'|'|

Targets

- Target
  
  e5c6e43357be6817d7d2c149a28c8b08c1b0013d84a69823f347192f28cabde0
- Size
  
  36KB
- MD5
  
  973abcd7298bb16fe8cc6a959ceffc40
- SHA1
  
  17051bb623dd832f113ce76a1ae0b246e4e535b7
- SHA256
  
  e5c6e43357be6817d7d2c149a28c8b08c1b0013d84a69823f347192f28cabde0
- SHA512
  
  9b4f5cfd592a320a3415438ee9c7ac5e891a58bc5b512f4abee8c2cce1ecc3279cdeb64733ce2e80edf5ed85b0c90b25a691851e8ea3b32e4b76c8eca1ec51d7
Score

10^/10

njrat hacked by indoxploit evasion persistence trojan
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- Executes dropped EXE
- Modifies Windows Firewall
  evasion
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

njrathacked by indoxploitevasionpersistencetrojan

behavioral2

njrathacked by indoxploitevasionpersistencetrojan