njrat | hxxps://youtube[.]com

Resubmissions

16-12-2021 19:08

211216-xs71lacgb7 10

16-12-2021 18:46

16-12-2021 18:41

16-12-2021 18:34

16-12-2021 18:31

16-12-2021 18:20

16-12-2021 18:16

Sharing

Copy URL

Twitter E-mail

General

Target

https://youtube.com
Sample

211216-wwsveaddcp

Score

10^/10

Malware Config

Extracted

Family

njrat

Version

0.7d

Botnet

Slaves

hom135.ddns.net:100

Mutex

d4903fdacbb79e6cd1109a741a2bc821

Attributes

reg_key
d4903fdacbb79e6cd1109a741a2bc821
splitter
|'|'|

Targets

- Target
  
  https://youtube.com
Score

10^/10

njrat slaves evasion persistence trojan upx
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- Executes dropped EXE
- Modifies Windows Firewall
  evasion
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Drops startup file
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Modify Existing Service

T1031

Registry Run Keys / Startup Folder

T1060

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Information Discovery

T1082

Query Registry

T1012

Peripheral Device Discovery

T1120

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

Resubmissions

Sharing

General

Malware Config

Extracted

Targets

njRAT/Bladabindi

Executes dropped EXE

Modifies Windows Firewall

UPX packed file

Drops startup file

Adds Run key to start application

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v6

Tasks

static1

urlscan1

behavioral1