njrat | 4ae1037855a42d00817eadbad82a7599cb0cc7c95b669c5198de99f660e29638 | Triage

Sharing

General

Target

4ae1037855a42d00817eadbad82a7599cb0cc7c95b669c5198de99f660e29638
Size

284KB
Sample

210914-hcydwsfba4
MD5

7b7de9fdef6b59dea770e47a0cfed2b8
SHA1

f412f80e1fea88252812a24de47d005fae4f6543
SHA256

4ae1037855a42d00817eadbad82a7599cb0cc7c95b669c5198de99f660e29638
SHA512

70cd76cdaa22533abb0917d730df0715787ef4ba10873c89552809160aa107c8025ae25a8e5233bccd06184c4114f85121d209d77b2fe717eac506fc38a21b83

Score

10^/10

njrat ألــ,ــكــ,ــســ,ــنــ,ــدر evasion persistence trojan

Malware Config

Extracted

Family

njrat

Version

0.7d

Botnet

ألــ,ــكــ,ــســ,ــنــ,ــدر

C2

mamoon.ddns.net:4444

Mutex

9aa65ce09b29cba73578685095ab8877

Attributes

reg_key
9aa65ce09b29cba73578685095ab8877
splitter
|'|'|

Targets

- Target
  
  4ae1037855a42d00817eadbad82a7599cb0cc7c95b669c5198de99f660e29638
- Size
  
  284KB
- MD5
  
  7b7de9fdef6b59dea770e47a0cfed2b8
- SHA1
  
  f412f80e1fea88252812a24de47d005fae4f6543
- SHA256
  
  4ae1037855a42d00817eadbad82a7599cb0cc7c95b669c5198de99f660e29638
- SHA512
  
  70cd76cdaa22533abb0917d730df0715787ef4ba10873c89552809160aa107c8025ae25a8e5233bccd06184c4114f85121d209d77b2fe717eac506fc38a21b83
Score

10^/10

njrat ألــ,ــكــ,ــســ,ــنــ,ــدر evasion persistence trojan
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- Executes dropped EXE
- Modifies Windows Firewall
  evasion
- Drops startup file
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

behavioral2

njratألــ,ــكــ,ــســ,ــنــ,ــدرevasionpersistencetrojan