njrat | 2fbd4c61e4613e425bb8dd46736f0bb521a237f6491610c5a39287818f88e41d | Triage

Sharing

General

Target

2fbd4c61e4613e425bb8dd46736f0bb521a237f6491610c5a39287818f88e41d
Size

31KB
Sample

210906-hj84zadgdr
MD5

dca3d389c748b3179e27046a701b16da
SHA1

b1f1c573150587c88056b9419f5c0b68d8b0cc87
SHA256

2fbd4c61e4613e425bb8dd46736f0bb521a237f6491610c5a39287818f88e41d
SHA512

adfda3804e8ac6f4763319c0e60fd225b83403607852b8fd67ad0efad85242a57cd6ac7d316eabd54d1ffe77d81bb9939e0fd00a7ca820c056a640980fb74c79

Score

10^/10

njrat my_bot evasion persistence trojan

Malware Config

Extracted

Family

njrat

Version

0.7d

Botnet

My_Bot

C2

127.0.0.1:6522

Mutex

eff3440316873cdbbc13673c2756d635

Attributes

reg_key
eff3440316873cdbbc13673c2756d635
splitter
Y262SUCZ4UJJ

Targets

- Target
  
  2fbd4c61e4613e425bb8dd46736f0bb521a237f6491610c5a39287818f88e41d
- Size
  
  31KB
- MD5
  
  dca3d389c748b3179e27046a701b16da
- SHA1
  
  b1f1c573150587c88056b9419f5c0b68d8b0cc87
- SHA256
  
  2fbd4c61e4613e425bb8dd46736f0bb521a237f6491610c5a39287818f88e41d
- SHA512
  
  adfda3804e8ac6f4763319c0e60fd225b83403607852b8fd67ad0efad85242a57cd6ac7d316eabd54d1ffe77d81bb9939e0fd00a7ca820c056a640980fb74c79
Score

10^/10

njrat my_bot evasion persistence trojan
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- Executes dropped EXE
- Modifies Windows Firewall
  evasion
- Drops startup file
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

njratmy_botevasionpersistencetrojan

behavioral2

njratmy_botevasionpersistencetrojan