njrat | cc193cf3d64208e86f40627fdecc7a32d4275924ae648740ffa3924ba1239d7d | Triage

Sharing

General

Target

cc193cf3d64208e86f40627fdecc7a32d4275924ae648740ffa3924ba1239d7d
Size

2.0MB
Sample

210920-j2q7jsddd2
MD5

061aad12c2c7c31933d818c4e120908d
SHA1

045ce53c1de8f148343f36c9cf1cf9e4859926d1
SHA256

cc193cf3d64208e86f40627fdecc7a32d4275924ae648740ffa3924ba1239d7d
SHA512

b41b858d65e2685db4f0a37d033c3098665737af53abab6046048fa53e5866f7d622b12b171832adfa9185dd4ffbddfd2874db1ab252c648acb5877ed56cda31

Score

10^/10

njrat evasion persistence trojan

Malware Config

Targets

- Target
  
  cc193cf3d64208e86f40627fdecc7a32d4275924ae648740ffa3924ba1239d7d
- Size
  
  2.0MB
- MD5
  
  061aad12c2c7c31933d818c4e120908d
- SHA1
  
  045ce53c1de8f148343f36c9cf1cf9e4859926d1
- SHA256
  
  cc193cf3d64208e86f40627fdecc7a32d4275924ae648740ffa3924ba1239d7d
- SHA512
  
  b41b858d65e2685db4f0a37d033c3098665737af53abab6046048fa53e5866f7d622b12b171832adfa9185dd4ffbddfd2874db1ab252c648acb5877ed56cda31
Score

10^/10

njrat evasion persistence trojan
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- Executes dropped EXE
- Modifies Windows Firewall
  evasion
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

njratevasionpersistencetrojan

behavioral2

njratevasionpersistencetrojan