njrat | f123f3e05c72e402350046fd0f67e3820726b2cfa3f786dd38f6cac9c5841204 | Triage

Sharing

General

Target

f123f3e05c72e402350046fd0f67e3820726b2cfa3f786dd38f6cac9c5841204
Size

37KB
Sample

210906-hjpekadgdm
MD5

dcf9cc3c393993cf2d0b1d3b9e20b294
SHA1

6e2a4e39c7ddfb02a54c91a7c20f7c42ed99dd23
SHA256

f123f3e05c72e402350046fd0f67e3820726b2cfa3f786dd38f6cac9c5841204
SHA512

fb728fb9cccae33b23ce5d3c9370d5e8af1968e920b3433b70498e47f20487960ef76e8a40aac52709b14d691e5aa3bbb4aa8d647df1af2986e065ad94cb7a73

Score

10^/10

njrat neonyng evasion persistence trojan

Malware Config

Extracted

Family

njrat

Version

im523

Botnet

Neonyng

C2

185.204.1.237:8503

Mutex

edf318264ac7ee8c6a8db0b60a665c11

Attributes

reg_key
edf318264ac7ee8c6a8db0b60a665c11
splitter
|'|'|

Targets

- Target
  
  f123f3e05c72e402350046fd0f67e3820726b2cfa3f786dd38f6cac9c5841204
- Size
  
  37KB
- MD5
  
  dcf9cc3c393993cf2d0b1d3b9e20b294
- SHA1
  
  6e2a4e39c7ddfb02a54c91a7c20f7c42ed99dd23
- SHA256
  
  f123f3e05c72e402350046fd0f67e3820726b2cfa3f786dd38f6cac9c5841204
- SHA512
  
  fb728fb9cccae33b23ce5d3c9370d5e8af1968e920b3433b70498e47f20487960ef76e8a40aac52709b14d691e5aa3bbb4aa8d647df1af2986e065ad94cb7a73
Score

10^/10

njrat neonyng evasion persistence trojan
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- Executes dropped EXE
- Modifies Windows Firewall
  evasion
- Drops startup file
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

njratneonyngevasionpersistencetrojan

behavioral2

njratneonyngevasionpersistencetrojan