njrat | d36ae25ddcc24e88479480cc09312c2e9cd78cc124442b5e036035f6bbe70d38 | Triage

Sharing

General

Target

d36ae25ddcc24e88479480cc09312c2e9cd78cc124442b5e036035f6bbe70d38
Size

229KB
Sample

210513-cdprj8z7en
MD5

4ea8e403e744f198c103e66e287b9731
SHA1

6ce569d8fe513df0e931a57381397f595a9062e9
SHA256

d36ae25ddcc24e88479480cc09312c2e9cd78cc124442b5e036035f6bbe70d38
SHA512

290c665545d43f1259f51df28380a684f603244e074c28e0f7773edd9f3ece1167d589b063c692a7987761e1c624783dddd51df2381f58de8071afd206b837c9

Score

10^/10

njrat hacked evasion persistence trojan

Malware Config

Extracted

Family

njrat

Version

0.7d

Botnet

HacKed

C2

alonewolf-45132.portmap.host:59129

Mutex

d17de3a1ae19a122b329daf28aa6ff3b

Attributes

reg_key
d17de3a1ae19a122b329daf28aa6ff3b
splitter
|'|'|

Targets

- Target
  
  d36ae25ddcc24e88479480cc09312c2e9cd78cc124442b5e036035f6bbe70d38
- Size
  
  229KB
- MD5
  
  4ea8e403e744f198c103e66e287b9731
- SHA1
  
  6ce569d8fe513df0e931a57381397f595a9062e9
- SHA256
  
  d36ae25ddcc24e88479480cc09312c2e9cd78cc124442b5e036035f6bbe70d38
- SHA512
  
  290c665545d43f1259f51df28380a684f603244e074c28e0f7773edd9f3ece1167d589b063c692a7987761e1c624783dddd51df2381f58de8071afd206b837c9
Score

10^/10

njrat hacked evasion persistence trojan
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- Executes dropped EXE
- Modifies Windows Firewall
  evasion
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

njrathackedevasionpersistencetrojan

behavioral2

njrathackedevasionpersistencetrojan