njrat | c50488a31b6ce8d0ddd65b57bd27cf8c1bc86ad0382476f813c33083c5575d6f | Triage

Sharing

General

Target

C50488A31B6CE8D0DDD65B57BD27CF8C1BC86AD038247.exe
Size

31KB
Sample

210930-1ycnesadh7
MD5

4adad151f3c235616ce57238c32b4b34
SHA1

9d05a045e0ce402ff257d799921a9557a2569535
SHA256

c50488a31b6ce8d0ddd65b57bd27cf8c1bc86ad0382476f813c33083c5575d6f
SHA512

34b9607899e79f6e381c648f6afde801aed03e4041c9affc13d4855032d139f5164b7f2c4adfea56366d3365dd758fe9c86110b2148cc0c744f04945fc79a366

Score

10^/10

njrat cheat evasion persistence trojan

Malware Config

Extracted

Family

njrat

Version

0.7d

Botnet

cheat

C2

0.tcp.ngrok.io:11421

Mutex

33aef9319e7f69a68e51dc4a67780130

Attributes

reg_key
33aef9319e7f69a68e51dc4a67780130
splitter
Y262SUCZ4UJJ

Targets

- Target
  
  C50488A31B6CE8D0DDD65B57BD27CF8C1BC86AD038247.exe
- Size
  
  31KB
- MD5
  
  4adad151f3c235616ce57238c32b4b34
- SHA1
  
  9d05a045e0ce402ff257d799921a9557a2569535
- SHA256
  
  c50488a31b6ce8d0ddd65b57bd27cf8c1bc86ad0382476f813c33083c5575d6f
- SHA512
  
  34b9607899e79f6e381c648f6afde801aed03e4041c9affc13d4855032d139f5164b7f2c4adfea56366d3365dd758fe9c86110b2148cc0c744f04945fc79a366
Score

10^/10

njrat evasion persistence trojan
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- Modifies Windows Firewall
  evasion
- Drops startup file
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

njratevasionpersistencetrojan

behavioral2

njratevasionpersistencetrojan