njrat | 8774a2f15efbfc88e6a7c1831074909d1fbddbe895f2d900b111ccce16178c03 | Triage

Sharing

General

Target

tmp/42b65022-e76e-41d7-94f1-6dd7b719243c_server.exe
Size

22KB
Sample

211215-22nersage9
MD5

c53d13780336aefe9b4318b19eba09a0
SHA1

90682596f5da8e19c88f77d74a569d8da8521cfa
SHA256

8774a2f15efbfc88e6a7c1831074909d1fbddbe895f2d900b111ccce16178c03
SHA512

9a7249c1d5e33add5b0d84dee20e5641789d202f774e77e3a902271550e88f35f2a7d0f70a151a46908d87d91e19641296e6e4ec94d5ba52aec65ef73a3c4c83

Score

10^/10

njrat test evasion persistence trojan

Malware Config

Extracted

Family

njrat

Version

0.7d

Botnet

test

C2

127.0.0.1:1443

Mutex

74cc423dce7f45f8f93124254b62aa00

Attributes

reg_key
74cc423dce7f45f8f93124254b62aa00
splitter
|'|'|

Targets

- Target
  
  tmp/42b65022-e76e-41d7-94f1-6dd7b719243c_server.exe
- Size
  
  22KB
- MD5
  
  c53d13780336aefe9b4318b19eba09a0
- SHA1
  
  90682596f5da8e19c88f77d74a569d8da8521cfa
- SHA256
  
  8774a2f15efbfc88e6a7c1831074909d1fbddbe895f2d900b111ccce16178c03
- SHA512
  
  9a7249c1d5e33add5b0d84dee20e5641789d202f774e77e3a902271550e88f35f2a7d0f70a151a46908d87d91e19641296e6e4ec94d5ba52aec65ef73a3c4c83
Score

10^/10

njrat test evasion persistence trojan
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- Executes dropped EXE
- Modifies Windows Firewall
  evasion
- Drops startup file
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

njrattestevasionpersistencetrojan

behavioral2

njrattestevasionpersistencetrojan