njrat | 09128af6b8c906c74560b065574fc629d4d78977bacaa74e77f4be1ecb8688a5 | Triage

Sharing

General

Target

09128af6b8c906c74560b065574fc629d4d78977bacaa74e77f4be1ecb8688a5
Size

160KB
Sample

210623-1g4kvbj41x
MD5

49aa3934b1db5807c9d06fd4fb0a9957
SHA1

1a4d73cde317df49035d5fb939a49a190a9d74e8
SHA256

09128af6b8c906c74560b065574fc629d4d78977bacaa74e77f4be1ecb8688a5
SHA512

c6a5dc21099140e2bc9fdf67419383cd87e36afb1898d5c558defcf899bde6a47e6119bd66274d0a9dcd931fc7decf06f1b2123bcb3c5ef9cdfdf79ede73b760

Score

10^/10

njrat hacked by mr.franko evasion persistence trojan

Malware Config

Extracted

Family

njrat

Version

0.7d

Botnet

Hacked By Mr.Franko

C2

frankohacker.strangled.net:5552

Mutex

69bd721f047aceee1a553df23f737f3e

Attributes

reg_key
69bd721f047aceee1a553df23f737f3e
splitter
|'|'|

Targets

- Target
  
  09128af6b8c906c74560b065574fc629d4d78977bacaa74e77f4be1ecb8688a5
- Size
  
  160KB
- MD5
  
  49aa3934b1db5807c9d06fd4fb0a9957
- SHA1
  
  1a4d73cde317df49035d5fb939a49a190a9d74e8
- SHA256
  
  09128af6b8c906c74560b065574fc629d4d78977bacaa74e77f4be1ecb8688a5
- SHA512
  
  c6a5dc21099140e2bc9fdf67419383cd87e36afb1898d5c558defcf899bde6a47e6119bd66274d0a9dcd931fc7decf06f1b2123bcb3c5ef9cdfdf79ede73b760
Score

10^/10

njrat hacked by mr.franko evasion persistence trojan
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- Executes dropped EXE
- Modifies Windows Firewall
  evasion
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

njrathacked by mr.frankoevasionpersistencetrojan

behavioral2

njrathacked by mr.frankoevasionpersistencetrojan