njrat | 15613d4d6864d22409277e56eff01c2b04e83562dd70f3fee12c675621a5971c | Triage

Sharing

General

Target

15613d4d6864d22409277e56eff01c2b04e83562dd70f3fee12c675621a5971c
Size

51KB
Sample

210929-j3ak7aedcm
MD5

0a9af90d289135ef065a62a0dda8602f
SHA1

12d4ecffca285a1aeb9eca710cca16c71f4231d1
SHA256

15613d4d6864d22409277e56eff01c2b04e83562dd70f3fee12c675621a5971c
SHA512

730ad58241099b2aadbea6f7a9c90235c849f934877a2fc7cd7f9ed12ac015dd5c830c296f68b0fcbd811a9757c560d05a971b41b53a55b5455e75a662032128

Score

10^/10

njrat jinn evasion persistence trojan

Malware Config

Extracted

Family

njrat

Version

0.7d

Botnet

jinn

C2

mouhamedjinn2.ddns.net:1177

Mutex

9174f01a6e44cbc9af1239d5bb1d7327

Attributes

reg_key
9174f01a6e44cbc9af1239d5bb1d7327
splitter
|'|'|

Targets

- Target
  
  15613d4d6864d22409277e56eff01c2b04e83562dd70f3fee12c675621a5971c
- Size
  
  51KB
- MD5
  
  0a9af90d289135ef065a62a0dda8602f
- SHA1
  
  12d4ecffca285a1aeb9eca710cca16c71f4231d1
- SHA256
  
  15613d4d6864d22409277e56eff01c2b04e83562dd70f3fee12c675621a5971c
- SHA512
  
  730ad58241099b2aadbea6f7a9c90235c849f934877a2fc7cd7f9ed12ac015dd5c830c296f68b0fcbd811a9757c560d05a971b41b53a55b5455e75a662032128
Score

10^/10

njrat jinn evasion persistence trojan
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- Executes dropped EXE
- Modifies Windows Firewall
  evasion
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

njratjinnevasionpersistencetrojan

behavioral2

njratjinnevasionpersistencetrojan