njrat | e72b7749fccfc2e3181f99d9c92bdca8080de4cb1f09c8c8423c60a3d41f5993 | Triage

Sharing

General

Target

aeb242a8f4b10dde2b9012e312f00955.exe
Size

368KB
Sample

211220-k816rsaba4
MD5

aeb242a8f4b10dde2b9012e312f00955
SHA1

e4517b996a6e4ef077b952dd9bfbb2e70c1cba8e
SHA256

e72b7749fccfc2e3181f99d9c92bdca8080de4cb1f09c8c8423c60a3d41f5993
SHA512

3301efbd05381314f9fcd412524676776c6805678070ddee8b5e934a0e72da994c25278361ef386380cc089416cdea1f1a2abf3ef4b14f2106300db1ec15fcb3

Score

10^/10

njrat hacked evasion persistence trojan

Malware Config

Extracted

Family

njrat

Version

im523

Botnet

HacKed

C2

8.tcp.ngrok.io:12312

Mutex

4a0fa237240fa8f6245602cce20e810d

Attributes

reg_key
4a0fa237240fa8f6245602cce20e810d
splitter
|'|'|

Targets

- Target
  
  aeb242a8f4b10dde2b9012e312f00955.exe
- Size
  
  368KB
- MD5
  
  aeb242a8f4b10dde2b9012e312f00955
- SHA1
  
  e4517b996a6e4ef077b952dd9bfbb2e70c1cba8e
- SHA256
  
  e72b7749fccfc2e3181f99d9c92bdca8080de4cb1f09c8c8423c60a3d41f5993
- SHA512
  
  3301efbd05381314f9fcd412524676776c6805678070ddee8b5e934a0e72da994c25278361ef386380cc089416cdea1f1a2abf3ef4b14f2106300db1ec15fcb3
Score

10^/10

njrat hacked evasion persistence trojan
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- Executes dropped EXE
- Modifies Windows Firewall
  evasion
- Drops startup file
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Drops autorun.inf file
  Malware can abuse Windows Autorun to spread further via attached volumes.
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Replication Through Removable Media

Execution

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

System Information Discovery

Lateral Movement

Replication Through Removable Media

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

njrathackedevasionpersistencetrojan

behavioral2

njrathackedevasionpersistencetrojan