njrat | 8f0041ef66cd6262fb4a1b5c05ed0c0fe5b17322bbb8394efd65fcbb33adfae3 | Triage

Sharing

General

Target

b391dff3fa3c24f90d436a02dd0d2683.exe
Size

37KB
Sample

211211-ggv9naagf2
MD5

b391dff3fa3c24f90d436a02dd0d2683
SHA1

7e0fd1cd21941be2542ffb77d808b1dbd3c90566
SHA256

8f0041ef66cd6262fb4a1b5c05ed0c0fe5b17322bbb8394efd65fcbb33adfae3
SHA512

3a3d025d3f8eade79808c801dc98938843627dba6a6a9e794dc4b0990d86caaf4ec308d3b479712f049eb4be23097dc3c79d7719bc0b634b425889857edf9282

Score

10^/10

njrat hacked evasion persistence trojan

Malware Config

Extracted

Family

njrat

Version

im523

Botnet

HacKed

C2

2.tcp.ngrok.io:16295

Mutex

59596196f8ae2919cd21fc46c7e7acf0

Attributes

reg_key
59596196f8ae2919cd21fc46c7e7acf0
splitter
|'|'|

Targets

- Target
  
  b391dff3fa3c24f90d436a02dd0d2683.exe
- Size
  
  37KB
- MD5
  
  b391dff3fa3c24f90d436a02dd0d2683
- SHA1
  
  7e0fd1cd21941be2542ffb77d808b1dbd3c90566
- SHA256
  
  8f0041ef66cd6262fb4a1b5c05ed0c0fe5b17322bbb8394efd65fcbb33adfae3
- SHA512
  
  3a3d025d3f8eade79808c801dc98938843627dba6a6a9e794dc4b0990d86caaf4ec308d3b479712f049eb4be23097dc3c79d7719bc0b634b425889857edf9282
Score

10^/10

njrat hacked evasion persistence trojan
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- Executes dropped EXE
- Modifies Windows Firewall
  evasion
- Drops startup file
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

njrathackedevasionpersistencetrojan

behavioral2

njrathackedevasionpersistencetrojan