njrat | d8b1f0b39fd78111c2ed94874f825c9d7bac3f9030ba7e32785a2d850675711b | Triage

Sharing

General

Target

cebac35d906c33acfc7cdc600947a698.exe
Size

37KB
Sample

211213-va5fmsdhd5
MD5

cebac35d906c33acfc7cdc600947a698
SHA1

4ce8583cdc3dbbd77f6a9b5d9b97e06ca924e0aa
SHA256

d8b1f0b39fd78111c2ed94874f825c9d7bac3f9030ba7e32785a2d850675711b
SHA512

0a15ff5f66fd6166a282a9e9955ddcd4a61e9973651d191f2c33324af47de0dc60f87b9ec01d6586a81c06e9d427ee243e26fa43c05b0fc27af1b66fcc693a49

Score

10^/10

njrat hacked evasion persistence trojan

Malware Config

Extracted

Family

njrat

Version

im523

Botnet

HacKed

C2

37.1.222.208:5654

Mutex

b81bff9c53a9dd51dda35cedf504c018

Attributes

reg_key
b81bff9c53a9dd51dda35cedf504c018
splitter
|'|'|

Targets

- Target
  
  cebac35d906c33acfc7cdc600947a698.exe
- Size
  
  37KB
- MD5
  
  cebac35d906c33acfc7cdc600947a698
- SHA1
  
  4ce8583cdc3dbbd77f6a9b5d9b97e06ca924e0aa
- SHA256
  
  d8b1f0b39fd78111c2ed94874f825c9d7bac3f9030ba7e32785a2d850675711b
- SHA512
  
  0a15ff5f66fd6166a282a9e9955ddcd4a61e9973651d191f2c33324af47de0dc60f87b9ec01d6586a81c06e9d427ee243e26fa43c05b0fc27af1b66fcc693a49
Score

10^/10

njrat hacked evasion persistence trojan
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- Executes dropped EXE
- Modifies Windows Firewall
  evasion
- Drops startup file
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

njrathackedevasionpersistencetrojan

behavioral2

njrathackedevasionpersistencetrojan