njrat | hxxps://anonfiles[.]com/ffO7Aaw1w5/Netflix_Tools_PACK_rar

General

Target

https://anonfiles.com/ffO7Aaw1w5/Netflix_Tools_PACK_rar
Sample

211220-kfpl9sahbl

Score

10^/10

njrat pc_evasion trojan

Malware Config

Extracted

Language

ps1

Deobfuscated

URLs

ps1.dropper

https://6.top4top.net/p_13529t6r71.jpg

Extracted

Family

njrat

Version

0.7d

Botnet

PC_

C2

hccr.sytes.net:1411

Mutex

460557edf4b4cbfb08eadcebcbd28364

Attributes

reg_key
460557edf4b4cbfb08eadcebcbd28364
splitter
|'|'|

Targets

- Target
  
  https://anonfiles.com/ffO7Aaw1w5/Netflix_Tools_PACK_rar
Score

10^/10

njrat pc_evasion trojan
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- Executes dropped EXE
- Modifies Windows Firewall
  evasion
- Loads dropped DLL
- Drops desktop.ini file(s)
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Modify Existing Service

1

T1031

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1

T1012

System Information Discovery

2

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Extracted

Targets

njRAT/Bladabindi

Executes dropped EXE

Modifies Windows Firewall

Loads dropped DLL

Drops desktop.ini file(s)

MITRE ATT&CK Enterprise v6

Tasks

static1

urlscan1

behavioral1