njrat | 5eb68bbaf58125b0f1bdc8a750a59df3a71707793c2d78d64c483ee8ebe36392 | Triage

Sharing

General

Target

5eb68bbaf58125b0f1bdc8a750a59df3a71707793c2d78d64c483ee8ebe36392
Size

636KB
Sample

210903-k5m5qschb7
MD5

24f2fa2c628f584de5caeea53025d93f
SHA1

47386387814829f24d63fc3a6c3ee1d61559af58
SHA256

5eb68bbaf58125b0f1bdc8a750a59df3a71707793c2d78d64c483ee8ebe36392
SHA512

093730403c7117041a44ae9ca5631cc43e8ab8f3420482a1399c2f15915bc79b9baa1b013e2ab547b98b3f0c413c62c5898dddb96ca9293af0393f887874f3c9

Score

10^/10

njrat destroyer evasion persistence trojan

Malware Config

Extracted

Family

njrat

Version

0.7d

Botnet

Destroyer

C2

plankxd.ddns.net:1177

Mutex

2f806f40c5d4533d860b3bd9e1a2b698

Attributes

reg_key
2f806f40c5d4533d860b3bd9e1a2b698
splitter
|'|'|

Targets

- Target
  
  5eb68bbaf58125b0f1bdc8a750a59df3a71707793c2d78d64c483ee8ebe36392
- Size
  
  636KB
- MD5
  
  24f2fa2c628f584de5caeea53025d93f
- SHA1
  
  47386387814829f24d63fc3a6c3ee1d61559af58
- SHA256
  
  5eb68bbaf58125b0f1bdc8a750a59df3a71707793c2d78d64c483ee8ebe36392
- SHA512
  
  093730403c7117041a44ae9ca5631cc43e8ab8f3420482a1399c2f15915bc79b9baa1b013e2ab547b98b3f0c413c62c5898dddb96ca9293af0393f887874f3c9
Score

10^/10

njrat destroyer evasion persistence trojan
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- Executes dropped EXE
- Modifies Windows Firewall
  evasion
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

njratdestroyerevasionpersistencetrojan

behavioral2

njratdestroyerevasionpersistencetrojan