njrat | a12e6089b9cd7c82c569c23f9f9bae41bd9b8838f6f901897346d27d6e3fa2ec | Triage

Sharing

General

Target

a12e6089b9cd7c82c569c23f9f9bae41bd9b8838f6f901897346d27d6e3fa2ec
Size

23KB
Sample

210907-gxpf2sfcdq
MD5

699ed9143001593010fcc6414b7a6379
SHA1

f07754021510d3bb3f4e204b61a9ca422d814745
SHA256

a12e6089b9cd7c82c569c23f9f9bae41bd9b8838f6f901897346d27d6e3fa2ec
SHA512

aa4dba3b71885cc5457afb45e39fb164d4ffdcaa48bc91291925e44dc90b32258e4f656f4070f7e146a001eae021c51dfd6a414a15e906b7d58651d032e6454b

Score

10^/10

njrat hacked evasion persistence trojan

Malware Config

Extracted

Family

njrat

Version

0.7d

Botnet

HacKed

C2

maximus99.ddns.net:5555

Mutex

cf7791e53cf2a759416f6396dcf7bd6a

Attributes

reg_key
cf7791e53cf2a759416f6396dcf7bd6a
splitter
|'|'|

Targets

- Target
  
  a12e6089b9cd7c82c569c23f9f9bae41bd9b8838f6f901897346d27d6e3fa2ec
- Size
  
  23KB
- MD5
  
  699ed9143001593010fcc6414b7a6379
- SHA1
  
  f07754021510d3bb3f4e204b61a9ca422d814745
- SHA256
  
  a12e6089b9cd7c82c569c23f9f9bae41bd9b8838f6f901897346d27d6e3fa2ec
- SHA512
  
  aa4dba3b71885cc5457afb45e39fb164d4ffdcaa48bc91291925e44dc90b32258e4f656f4070f7e146a001eae021c51dfd6a414a15e906b7d58651d032e6454b
Score

10^/10

njrat hacked evasion persistence trojan
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- Executes dropped EXE
- Modifies Windows Firewall
  evasion
- Drops startup file
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

njrathackedevasionpersistencetrojan

behavioral2

njrathackedevasionpersistencetrojan