njrat | 9b427557d6451afadb6903868c4410c94ed58a703a3ef95323d44b4b0b32de53 | Triage

Sharing

General

Target

SecuriteInfo.com.Trojan.PackedNET.114.17332.4932
Size

101KB
Sample

210321-ha9vgcbgvn
MD5

a85190837b16f6251a85a30b9d4f5c14
SHA1

6c16dcb25a2fbe2d5241ba6f7ef23fdf7820724d
SHA256

9b427557d6451afadb6903868c4410c94ed58a703a3ef95323d44b4b0b32de53
SHA512

d95792d95d26c19ad21d9d37f6e52db1fb18cef5ee0870bd2767a3320cd50af74bf12bc0e916f162cd2a92a18368c4f06b161246944801febfab91d94f770100

Score

10^/10

njrat evasion persistence trojan

Malware Config

Targets

- Target
  
  SecuriteInfo.com.Trojan.PackedNET.114.17332.4932
- Size
  
  101KB
- MD5
  
  a85190837b16f6251a85a30b9d4f5c14
- SHA1
  
  6c16dcb25a2fbe2d5241ba6f7ef23fdf7820724d
- SHA256
  
  9b427557d6451afadb6903868c4410c94ed58a703a3ef95323d44b4b0b32de53
- SHA512
  
  d95792d95d26c19ad21d9d37f6e52db1fb18cef5ee0870bd2767a3320cd50af74bf12bc0e916f162cd2a92a18368c4f06b161246944801febfab91d94f770100
Score

10^/10

njrat evasion persistence trojan
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- Modifies Windows Firewall
  evasion
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

njratevasionpersistencetrojan

behavioral2

njratevasionpersistencetrojan