njrat | 578be22ecfe0f4d1535ffbd827276d4ef93e93c6ac9bd33f55febdd72dbc9b93 | Triage

Sharing

General

Target

578be22ecfe0f4d1535ffbd827276d4ef93e93c6ac9bd33f55febdd72dbc9b93
Size

22KB
Sample

210906-hj84zadgek
MD5

40a1f466f31cc1ef46edd731199024e9
SHA1

2240782749be39ff160beda6a07187257736a863
SHA256

578be22ecfe0f4d1535ffbd827276d4ef93e93c6ac9bd33f55febdd72dbc9b93
SHA512

025eba410df39c8789d7120f6f00966f301c2d2a2348530b4a36677424cd4d7e5651c65628c6ffca14e9b1a8f349de9da93215705823ed84730e39503774d17a

Score

10^/10

njrat hacked evasion persistence trojan

Malware Config

Extracted

Family

njrat

Version

0.7d

Botnet

HacKed

C2

ttaahhaa4321.ddns.net:1177

Mutex

064a642c9a7c8d589d5c1f13c59a2c38

Attributes

reg_key
064a642c9a7c8d589d5c1f13c59a2c38
splitter
|'|'|

Targets

- Target
  
  578be22ecfe0f4d1535ffbd827276d4ef93e93c6ac9bd33f55febdd72dbc9b93
- Size
  
  22KB
- MD5
  
  40a1f466f31cc1ef46edd731199024e9
- SHA1
  
  2240782749be39ff160beda6a07187257736a863
- SHA256
  
  578be22ecfe0f4d1535ffbd827276d4ef93e93c6ac9bd33f55febdd72dbc9b93
- SHA512
  
  025eba410df39c8789d7120f6f00966f301c2d2a2348530b4a36677424cd4d7e5651c65628c6ffca14e9b1a8f349de9da93215705823ed84730e39503774d17a
Score

10^/10

njrat hacked evasion persistence trojan
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- Executes dropped EXE
- Modifies Windows Firewall
  evasion
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

njrathackedevasionpersistencetrojan

behavioral2

njrathackedevasionpersistencetrojan