njrat | 20951f60595b2530a803ff011fce82b1055e8555ff4970f79642903215f363fe | Triage

Sharing

General

Target

9697d0ca386be540d9acb955cf074ca3aec0f7248f62c275751e83ac5947645d.zip
Size

15KB
Sample

211108-gmgy8abdb3
MD5

88f740583628fa3a4cec548d03c7e806
SHA1

698ff30dbbb2e2844fa7aaee34edbe27954f7bd9
SHA256

20951f60595b2530a803ff011fce82b1055e8555ff4970f79642903215f363fe
SHA512

aa40c974f2ef52e765aa9b90b95d0355153f54ee2b09fc0c01b056eb355a8220f4a055d55a69a213c4803196e7ad23c00efcc11270a9a2ba64798e546fa8e21d

Score

10^/10

njrat 좀비 evasion persistence trojan

Malware Config

Extracted

Family

njrat

Botnet

좀비

Mutex

6506cdba2a23ee6c81479f21c5d918fd

Attributes

reg_key
6506cdba2a23ee6c81479f21c5d918fd

Targets

- Target
  
  9697d0ca386be540d9acb955cf074ca3aec0f7248f62c275751e83ac5947645d
- Size
  
  32KB
- MD5
  
  01285e4a7c3a833728dd600fa8f33d93
- SHA1
  
  4636ab9028287ddfe799dc6465d7b2666f6d6f47
- SHA256
  
  9697d0ca386be540d9acb955cf074ca3aec0f7248f62c275751e83ac5947645d
- SHA512
  
  e86e740378282fc577c7f9a50c7ba70647924f42471f5a016a16cb3395c1777b3f6be04f99995c5ab16dff808dc52f46005869497b98be8e6f3dc85dd15dae0b
Score

10^/10

njrat 좀비 evasion persistence trojan
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- Executes dropped EXE
- Modifies Windows Firewall
  evasion
- Drops startup file
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

njrat좀비evasionpersistencetrojan

behavioral2

njrat좀비evasionpersistencetrojan