njrat | 48c3a3ada659fff5dd6571878fa4e5aa4d0e0caf683c9d48e44f75c027835781 | Triage

Sharing

General

Target

48c3a3ada659fff5dd6571878fa4e5aa4d0e0caf683c9d48e44f75c027835781
Size

23KB
Sample

210929-j4exaseddk
MD5

72c391745df454a943727593554897dd
SHA1

da75bba892bb982e62246e2e13135a69b8010440
SHA256

48c3a3ada659fff5dd6571878fa4e5aa4d0e0caf683c9d48e44f75c027835781
SHA512

2185660926d742b24412cd71f4040c0044f803d199d6fa9fcf9805af65de00dab4f29555a2cd4e9b54d14cd12bb00bf415d894bb0739a4ddc050068acfb51af7

Score

10^/10

njrat hacked evasion persistence trojan

Malware Config

Extracted

Family

njrat

Version

0.7d

Botnet

HacKed

C2

10.10.10.10:5552

Mutex

0dc24807523d3cd24b54cd0996e4c49b

Attributes

reg_key
0dc24807523d3cd24b54cd0996e4c49b
splitter
|'|'|

Targets

- Target
  
  48c3a3ada659fff5dd6571878fa4e5aa4d0e0caf683c9d48e44f75c027835781
- Size
  
  23KB
- MD5
  
  72c391745df454a943727593554897dd
- SHA1
  
  da75bba892bb982e62246e2e13135a69b8010440
- SHA256
  
  48c3a3ada659fff5dd6571878fa4e5aa4d0e0caf683c9d48e44f75c027835781
- SHA512
  
  2185660926d742b24412cd71f4040c0044f803d199d6fa9fcf9805af65de00dab4f29555a2cd4e9b54d14cd12bb00bf415d894bb0739a4ddc050068acfb51af7
Score

10^/10

njrat hacked evasion persistence trojan
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- Executes dropped EXE
- Modifies Windows Firewall
  evasion
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

njrathackedevasionpersistencetrojan

behavioral2

njrathackedevasionpersistencetrojan