njrat | 79de8a957ad063ca344492294a8effe23484f2edcff99800591eeebc3389ff26 | Triage

Sharing

General

Target

00B304CC27719527294CC81BA4761EF3.exe
Size

121KB
Sample

210908-rlpyjsefa2
MD5

00b304cc27719527294cc81ba4761ef3
SHA1

2cf075ffd58e32d01d1098170a4d891eb870a476
SHA256

79de8a957ad063ca344492294a8effe23484f2edcff99800591eeebc3389ff26
SHA512

83c81f99dc7792486252078aba823d94b9f012e55f612e48e7370b229a474fc1da1c629ee9f76786e6764223dac0b8e676f5a888f28400be72780673dbc5c894

Score

10^/10

njrat hacked evasion persistence trojan

Malware Config

Extracted

Family

njrat

Version

0.7d

Botnet

HacKed

C2

mogasolution.ddns.net:1177

Mutex

8eb3dc33a038541a526b690674af9470

Attributes

reg_key
8eb3dc33a038541a526b690674af9470
splitter
|'|'|

Targets

- Target
  
  00B304CC27719527294CC81BA4761EF3.exe
- Size
  
  121KB
- MD5
  
  00b304cc27719527294cc81ba4761ef3
- SHA1
  
  2cf075ffd58e32d01d1098170a4d891eb870a476
- SHA256
  
  79de8a957ad063ca344492294a8effe23484f2edcff99800591eeebc3389ff26
- SHA512
  
  83c81f99dc7792486252078aba823d94b9f012e55f612e48e7370b229a474fc1da1c629ee9f76786e6764223dac0b8e676f5a888f28400be72780673dbc5c894
Score

10^/10

njrat evasion persistence trojan
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- Modifies Windows Firewall
  evasion
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

njratevasionpersistencetrojan

behavioral2

njratevasionpersistencetrojan