njrat | 06e96d6d733fcd8b3e86b6e8fe2fda415cb1769580739b60fcd857d967893037 | Triage

Sharing

General

Target

06e96d6d733fcd8b3e86b6e8fe2fda415cb1769580739b60fcd857d967893037
Size

27KB
Sample

210906-hj84zadgej
MD5

4ae81e1e7fac444f27c58c9de2f752d2
SHA1

6b3d1b53167cfe34ff89a4565b425db3150b9cd3
SHA256

06e96d6d733fcd8b3e86b6e8fe2fda415cb1769580739b60fcd857d967893037
SHA512

2ab675e5440684e746ad2776d360f092a8edebc2f95bf677bbe0a656f41a8a775daf20f89cc810c77fac1c531a39bf16e2ac9d4e385f0a125955f0cd755f63af

Score

10^/10

njrat evasion persistence trojan

Malware Config

Targets

- Target
  
  06e96d6d733fcd8b3e86b6e8fe2fda415cb1769580739b60fcd857d967893037
- Size
  
  27KB
- MD5
  
  4ae81e1e7fac444f27c58c9de2f752d2
- SHA1
  
  6b3d1b53167cfe34ff89a4565b425db3150b9cd3
- SHA256
  
  06e96d6d733fcd8b3e86b6e8fe2fda415cb1769580739b60fcd857d967893037
- SHA512
  
  2ab675e5440684e746ad2776d360f092a8edebc2f95bf677bbe0a656f41a8a775daf20f89cc810c77fac1c531a39bf16e2ac9d4e385f0a125955f0cd755f63af
Score

10^/10

njrat evasion persistence trojan
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- Executes dropped EXE
- Modifies Windows Firewall
  evasion
- Drops startup file
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

njratevasionpersistencetrojan

behavioral2

njratevasionpersistencetrojan