njrat | 8320f6171990184f84338329dae465e33ef90e1a9584e7087b226d682b8e1594 | Triage

Sharing

General

Target

8320F6171990184F84338329DAE465E33EF90E1A9584E.exe
Size

23KB
Sample

211001-p9jekabhb9
MD5

a873745adb5279248a7ea3cccff26c3c
SHA1

551fb96900684f790fca3b2b837d1c88ef0508dc
SHA256

8320f6171990184f84338329dae465e33ef90e1a9584e7087b226d682b8e1594
SHA512

09d94e876577cd9c1ae164bb6bfa94fc440482f2fc5e775b6d7222508ad4ef53697f2164044b30789d7a2cf4f703a98d4958968c7cd774811a89a2188310b87f

Score

10^/10

njrat lammer evasion persistence trojan

Malware Config

Extracted

Family

njrat

Version

0.7d

Botnet

Lammer

C2

6.tcp.ngrok.io:16860

Mutex

142514b06c5331e576c2b748ba1ec681

Attributes

reg_key
142514b06c5331e576c2b748ba1ec681
splitter
|'|'|

Targets

- Target
  
  8320F6171990184F84338329DAE465E33EF90E1A9584E.exe
- Size
  
  23KB
- MD5
  
  a873745adb5279248a7ea3cccff26c3c
- SHA1
  
  551fb96900684f790fca3b2b837d1c88ef0508dc
- SHA256
  
  8320f6171990184f84338329dae465e33ef90e1a9584e7087b226d682b8e1594
- SHA512
  
  09d94e876577cd9c1ae164bb6bfa94fc440482f2fc5e775b6d7222508ad4ef53697f2164044b30789d7a2cf4f703a98d4958968c7cd774811a89a2188310b87f
Score

10^/10

njrat lammer evasion persistence trojan
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- Executes dropped EXE
- Modifies Windows Firewall
  evasion
- Drops startup file
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

njratlammerevasionpersistencetrojan

behavioral2

njratlammerevasionpersistencetrojan