njrat | 91eac047cf1d9c96af9c6ade8bd3904b827e8ddd373a5c92ac6d1a55bdb69c11 | Triage

Sharing

General

Target

91eac047cf1d9c96af9c6ade8bd3904b827e8ddd373a5c92ac6d1a55bdb69c11
Size

75KB
Sample

210906-hjpekadgdk
MD5

84f9b3ff127dc38eacd42da00e080dee
SHA1

7dfcd750a7ecbfff358802ac7365477dab8b9aba
SHA256

91eac047cf1d9c96af9c6ade8bd3904b827e8ddd373a5c92ac6d1a55bdb69c11
SHA512

aa9495231d7506936806eae0f2306ec7ecee44752e681ce39c84f37f15eb7f143c32912ba8d4f72a7992ec764f1f9b9ae7e1d1239b6df71c2ecbff9abd9306c5

Score

10^/10

njrat hacked evasion persistence trojan

Malware Config

Extracted

Family

njrat

Version

0.7d

Botnet

HacKed

C2

192.168.0.220:5552

Mutex

cf380edbb9022cc313e8604499552980

Attributes

reg_key
cf380edbb9022cc313e8604499552980
splitter
|'|'|

Targets

- Target
  
  91eac047cf1d9c96af9c6ade8bd3904b827e8ddd373a5c92ac6d1a55bdb69c11
- Size
  
  75KB
- MD5
  
  84f9b3ff127dc38eacd42da00e080dee
- SHA1
  
  7dfcd750a7ecbfff358802ac7365477dab8b9aba
- SHA256
  
  91eac047cf1d9c96af9c6ade8bd3904b827e8ddd373a5c92ac6d1a55bdb69c11
- SHA512
  
  aa9495231d7506936806eae0f2306ec7ecee44752e681ce39c84f37f15eb7f143c32912ba8d4f72a7992ec764f1f9b9ae7e1d1239b6df71c2ecbff9abd9306c5
Score

10^/10

njrat hacked evasion persistence trojan
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- Executes dropped EXE
- Modifies Windows Firewall
  evasion
- Drops startup file
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

njrathackedevasionpersistencetrojan

behavioral2

njrathackedevasionpersistencetrojan