njrat | 71cc1166c599e930469f5504583c37309bef66f36d575cf4c18813b7a77fbd6f | Triage

Sharing

General

Target

06df68d23ca8adce4908f39e182b339e.exe
Size

23KB
Sample

210427-6tamf4c8ea
MD5

06df68d23ca8adce4908f39e182b339e
SHA1

d1ce4822591a8739aaf5dad0fbeb64bca38581c7
SHA256

71cc1166c599e930469f5504583c37309bef66f36d575cf4c18813b7a77fbd6f
SHA512

164c80cebcac91c353c8fe9fa3a29d6b6dd831c5483048f60a8a9de60f0c34b1a00fb40f9670301dff05c0be9560ecc0a0db40f72b4ee1de7d3ef1f4d2649aed

Score

10^/10

njrat evasion persistence trojan

Malware Config

Targets

- Target
  
  06df68d23ca8adce4908f39e182b339e.exe
- Size
  
  23KB
- MD5
  
  06df68d23ca8adce4908f39e182b339e
- SHA1
  
  d1ce4822591a8739aaf5dad0fbeb64bca38581c7
- SHA256
  
  71cc1166c599e930469f5504583c37309bef66f36d575cf4c18813b7a77fbd6f
- SHA512
  
  164c80cebcac91c353c8fe9fa3a29d6b6dd831c5483048f60a8a9de60f0c34b1a00fb40f9670301dff05c0be9560ecc0a0db40f72b4ee1de7d3ef1f4d2649aed
Score

10^/10

njrat evasion persistence trojan
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- Modifies Windows Firewall
  evasion
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

njratevasionpersistencetrojan

behavioral2

njratevasionpersistencetrojan