njrat | 00faaf68512770431f268aa1a1a26f8c589a3f53298db6311fd38f263fe0d474 | Triage

Sharing

General

Target

00FAAF68512770431F268AA1A1A26F8C589A3F53298DB.exe
Size

1.0MB
Sample

210917-m56yysfdd9
MD5

9d7d796646913b03fa10b8d0770ece41
SHA1

bb689e893dd764b3e55d0da1ddf91de2ef38b088
SHA256

00faaf68512770431f268aa1a1a26f8c589a3f53298db6311fd38f263fe0d474
SHA512

602f2ae98c32ad044deff1edfb9bd5b1d696269880962e6912d1c06b0c809e2ceea353ce854a666fcb917eb24c1d549caa048ad6482124fef10ddb95e70655d1

Score

10^/10

njrat hacked by mr.franko evasion persistence trojan

Malware Config

Extracted

Family

njrat

Version

0.7d

Botnet

Hacked By Mr.Franko

C2

frankohacker.strangled.net:5552

Mutex

69bd721f047aceee1a553df23f737f3e

Attributes

reg_key
69bd721f047aceee1a553df23f737f3e
splitter
|'|'|

Targets

- Target
  
  00FAAF68512770431F268AA1A1A26F8C589A3F53298DB.exe
- Size
  
  1.0MB
- MD5
  
  9d7d796646913b03fa10b8d0770ece41
- SHA1
  
  bb689e893dd764b3e55d0da1ddf91de2ef38b088
- SHA256
  
  00faaf68512770431f268aa1a1a26f8c589a3f53298db6311fd38f263fe0d474
- SHA512
  
  602f2ae98c32ad044deff1edfb9bd5b1d696269880962e6912d1c06b0c809e2ceea353ce854a666fcb917eb24c1d549caa048ad6482124fef10ddb95e70655d1
Score

10^/10

njrat hacked by mr.franko evasion persistence trojan
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- Executes dropped EXE
- Modifies Windows Firewall
  evasion
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

njrathacked by mr.frankoevasionpersistencetrojan

behavioral2

njrathacked by mr.frankoevasionpersistencetrojan