njrat | 1858e8e2878d8a4a9dd2052cdc076c2b1dbca4e0419687e06df583a00ab6935f | Triage

Sharing

General

Target

F794A2B479B5DF7571D9C79138EB73EB.exe
Size

23KB
Sample

210330-jjyb9741ra
MD5

f794a2b479b5df7571d9c79138eb73eb
SHA1

55b11be9883a188d61ae11656f1a17ec01affff8
SHA256

1858e8e2878d8a4a9dd2052cdc076c2b1dbca4e0419687e06df583a00ab6935f
SHA512

c3acc87422c96a50e67c7e997926e7339239dd19f2815f57182e27a49031229940b02c6e891f7cc13d65db7bef3c825960cd60ce4dfd88b7da6d0f3c7f9c32fc

Score

10^/10

njrat asd evasion persistence trojan

Malware Config

Extracted

Family

njrat

Version

0.7d

Botnet

asd

C2

0.tcp.ngrok.io:11970

Mutex

93b7bd3974316734da67dbeccae43cab

Attributes

reg_key
93b7bd3974316734da67dbeccae43cab
splitter
|'|'|

Targets

- Target
  
  F794A2B479B5DF7571D9C79138EB73EB.exe
- Size
  
  23KB
- MD5
  
  f794a2b479b5df7571d9c79138eb73eb
- SHA1
  
  55b11be9883a188d61ae11656f1a17ec01affff8
- SHA256
  
  1858e8e2878d8a4a9dd2052cdc076c2b1dbca4e0419687e06df583a00ab6935f
- SHA512
  
  c3acc87422c96a50e67c7e997926e7339239dd19f2815f57182e27a49031229940b02c6e891f7cc13d65db7bef3c825960cd60ce4dfd88b7da6d0f3c7f9c32fc
Score

10^/10

njrat asd evasion persistence trojan
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- Executes dropped EXE
- Modifies Windows Firewall
  evasion
- Drops startup file
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

njratasdevasionpersistencetrojan

behavioral2

njratasdevasionpersistencetrojan