njrat | 0e24d40828ef4582c2571e175e9f1c59e1484fa926cffe18b1a4547f6ee2781a | Triage

Sharing

General

Target

a73c12e9bb944ca7494ac845ee87db2e.exe
Size

92KB
Sample

211101-m1ptwahfg7
MD5

a73c12e9bb944ca7494ac845ee87db2e
SHA1

20ea37ae6b6b6cf15edc65bf200cde2a2b47d2a2
SHA256

0e24d40828ef4582c2571e175e9f1c59e1484fa926cffe18b1a4547f6ee2781a
SHA512

c89e78e08f97f6399d92a71efb489d998b2089bae74f26555f569e21440561fea64956370d8b881e3c8729f20ddc466c6821f5529cbc3a205b0700ba93f47bd5

Score

10^/10

njrat hacked evasion persistence trojan

Malware Config

Extracted

Family

njrat

Version

0.7d

Botnet

HacKed

C2

203.159.92.167:2323

Mutex

9d38b66479584d90a4d378a84f8e5769

Attributes

reg_key
9d38b66479584d90a4d378a84f8e5769
splitter
|'|'|

Targets

- Target
  
  a73c12e9bb944ca7494ac845ee87db2e.exe
- Size
  
  92KB
- MD5
  
  a73c12e9bb944ca7494ac845ee87db2e
- SHA1
  
  20ea37ae6b6b6cf15edc65bf200cde2a2b47d2a2
- SHA256
  
  0e24d40828ef4582c2571e175e9f1c59e1484fa926cffe18b1a4547f6ee2781a
- SHA512
  
  c89e78e08f97f6399d92a71efb489d998b2089bae74f26555f569e21440561fea64956370d8b881e3c8729f20ddc466c6821f5529cbc3a205b0700ba93f47bd5
Score

10^/10

njrat hacked evasion persistence trojan
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- Executes dropped EXE
- Modifies Windows Firewall
  evasion
- Drops startup file
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Modify Registry

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

njrathackedevasionpersistencetrojan

behavioral2

njrathackedevasionpersistencetrojan