njrat | 85c9f16abba34e9fd9b0414251f015c8a8b70427944d7b37e09995cf3f0ac7aa | Triage

Sharing

General

Target

85c9f16abba34e9fd9b0414251f015c8a8b70427944d7b37e09995cf3f0ac7aa
Size

863KB
Sample

210913-hgfpmsdag9
MD5

301b9f7de5b10a8030c47e1121088667
SHA1

b21a782922b49d3b1be7abb205b1037e613fa13f
SHA256

85c9f16abba34e9fd9b0414251f015c8a8b70427944d7b37e09995cf3f0ac7aa
SHA512

878381ce19b2ddb01ce96e90017c902a6d87283376354e862bf6c1a1772e182f6e7c5b7fc839ddc150cc3e79062aeaff584c880d4cfb6f6bdd9b3d810b14c509

Score

10^/10

njrat hacked evasion persistence trojan

Malware Config

Extracted

Family

njrat

Version

0.7d

Botnet

HacKed

C2

10.10.10.10:5552

Mutex

0dc24807523d3cd24b54cd0996e4c49b

Attributes

reg_key
0dc24807523d3cd24b54cd0996e4c49b
splitter
|'|'|

Targets

- Target
  
  85c9f16abba34e9fd9b0414251f015c8a8b70427944d7b37e09995cf3f0ac7aa
- Size
  
  863KB
- MD5
  
  301b9f7de5b10a8030c47e1121088667
- SHA1
  
  b21a782922b49d3b1be7abb205b1037e613fa13f
- SHA256
  
  85c9f16abba34e9fd9b0414251f015c8a8b70427944d7b37e09995cf3f0ac7aa
- SHA512
  
  878381ce19b2ddb01ce96e90017c902a6d87283376354e862bf6c1a1772e182f6e7c5b7fc839ddc150cc3e79062aeaff584c880d4cfb6f6bdd9b3d810b14c509
Score

10^/10

njrat hacked evasion persistence trojan
- UAC bypass
  evasion trojan
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- Executes dropped EXE
- Modifies Windows Firewall
  evasion
- Adds Run key to start application
  persistence
- Checks whether UAC is enabled
  evasion trojan
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Privilege Escalation

Bypass User Account Control

Defense Evasion

Bypass User Account Control

Disabling Security Tools

Modify Registry

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

njrathackedevasionpersistencetrojan