njrat | 5d4fc7275426bb63b90c5d97654e11011a513ebc66ee3af603d383e5175af38c | Triage

Sharing

General

Target

c1865a6ccc50d10ec91518c9861ed005.exe
Size

31KB
Sample

210923-zkvreafcd5
MD5

c1865a6ccc50d10ec91518c9861ed005
SHA1

493bf878ddc94d4a49c5d76243b083cb3d4c6a89
SHA256

5d4fc7275426bb63b90c5d97654e11011a513ebc66ee3af603d383e5175af38c
SHA512

d76af3962d5c9449e17d4663d285929afb4d9ca2da76684959d68802d53b27401992f9a26e849faa1300062d7950129608d95824d2441dc79de872399a2e137a

Score

10^/10

njrat mybot evasion persistence trojan

Malware Config

Extracted

Family

njrat

Version

0.7d

Botnet

MyBot

C2

178.20.44.131:6522

Mutex

949d1d181b4442e0ea82dab5035cb1d3

Attributes

reg_key
949d1d181b4442e0ea82dab5035cb1d3
splitter
Y262SUCZ4UJJ

Targets

- Target
  
  c1865a6ccc50d10ec91518c9861ed005.exe
- Size
  
  31KB
- MD5
  
  c1865a6ccc50d10ec91518c9861ed005
- SHA1
  
  493bf878ddc94d4a49c5d76243b083cb3d4c6a89
- SHA256
  
  5d4fc7275426bb63b90c5d97654e11011a513ebc66ee3af603d383e5175af38c
- SHA512
  
  d76af3962d5c9449e17d4663d285929afb4d9ca2da76684959d68802d53b27401992f9a26e849faa1300062d7950129608d95824d2441dc79de872399a2e137a
Score

10^/10

njrat mybot evasion persistence trojan
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- Executes dropped EXE
- Modifies Windows Firewall
  evasion
- Drops startup file
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

njratmybotevasionpersistencetrojan

behavioral2

njratmybotevasionpersistencetrojan