njrat | 751603c717a7896ed44dc63efcba3afc39701b4cf7abd2c36dd071559b2e4409 | Triage

Sharing

General

Target

Server.exe
Size

23KB
Sample

211210-xrmchahec2
MD5

5897ddef374e1016e25a472c6642ee0a
SHA1

dfbaf5807431786f81f8e6d56fd6c6620b6c6a5e
SHA256

751603c717a7896ed44dc63efcba3afc39701b4cf7abd2c36dd071559b2e4409
SHA512

573950b220f41ddd86b4dcbae1b0daf8befe14081395c240cbd4e9e33fbfb9ebad0f515ff0e2a2fd27bfae35ae49035148e0fdb9d4fb85213684d8d89ebd968a

Score

10^/10

njrat hacked evasion persistence trojan

Malware Config

Extracted

Family

njrat

Version

0.7d

Botnet

HacKed

C2

2.tcp.ngrok.io:555

Mutex

dc077b5d215838806e7b74f5d84b3e9e

Attributes

reg_key
dc077b5d215838806e7b74f5d84b3e9e
splitter
|'|'|

Targets

- Target
  
  Server.exe
- Size
  
  23KB
- MD5
  
  5897ddef374e1016e25a472c6642ee0a
- SHA1
  
  dfbaf5807431786f81f8e6d56fd6c6620b6c6a5e
- SHA256
  
  751603c717a7896ed44dc63efcba3afc39701b4cf7abd2c36dd071559b2e4409
- SHA512
  
  573950b220f41ddd86b4dcbae1b0daf8befe14081395c240cbd4e9e33fbfb9ebad0f515ff0e2a2fd27bfae35ae49035148e0fdb9d4fb85213684d8d89ebd968a
Score

10^/10

njrat evasion persistence trojan
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- Modifies Windows Firewall
  evasion
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

njratevasionpersistencetrojan

behavioral2

njratevasionpersistencetrojan