njrat | 7e6dbe74cacc0af41a546d4c6de9a50a14556dd9aa1eb604f2f5b1b8aa947429 | Triage

Sharing

General

Target

32B067ACA0339443A8CC7BE1A9398619.exe
Size

245KB
Sample

210904-r5a9haecd8
MD5

32b067aca0339443a8cc7be1a9398619
SHA1

8a2fecd5f8e83366528d6d30c1ed515b68f515b1
SHA256

7e6dbe74cacc0af41a546d4c6de9a50a14556dd9aa1eb604f2f5b1b8aa947429
SHA512

d43b9c7972d73ac093926cb966af6c798d43721298e6f4191d87a3918c03b9ecf3495f14e75aeff41a4bcf55ff1c5e65efbcf6e5691f803bb509efb461b6ae8d

Score

10^/10

njrat testvictim evasion persistence trojan

Malware Config

Extracted

Family

njrat

Version

0.7d

Botnet

testvictim

C2

77.247.127.72:189

Mutex

0a04621658b925eb76dce3df766c44fe

Attributes

reg_key
0a04621658b925eb76dce3df766c44fe
splitter
|'|'|

Targets

- Target
  
  32B067ACA0339443A8CC7BE1A9398619.exe
- Size
  
  245KB
- MD5
  
  32b067aca0339443a8cc7be1a9398619
- SHA1
  
  8a2fecd5f8e83366528d6d30c1ed515b68f515b1
- SHA256
  
  7e6dbe74cacc0af41a546d4c6de9a50a14556dd9aa1eb604f2f5b1b8aa947429
- SHA512
  
  d43b9c7972d73ac093926cb966af6c798d43721298e6f4191d87a3918c03b9ecf3495f14e75aeff41a4bcf55ff1c5e65efbcf6e5691f803bb509efb461b6ae8d
Score

10^/10

njrat testvictim evasion persistence trojan
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- Executes dropped EXE
- Modifies Windows Firewall
  evasion
- Drops startup file
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

njrattestvictimevasionpersistencetrojan

behavioral2

njrattestvictimevasionpersistencetrojan