njrat | a64f19b56502ea2f64a13ef798bf7f096e45914f047d3565a5f21ca5125c0166 | Triage

Sharing

General

Target

06eb3d1ff3e1ed7223cf3a1e4b67b591.exe
Size

103KB
Sample

211221-2qjbnsega2
MD5

06eb3d1ff3e1ed7223cf3a1e4b67b591
SHA1

dfd5887967a146fee1443b168c5b3a4392a525b0
SHA256

a64f19b56502ea2f64a13ef798bf7f096e45914f047d3565a5f21ca5125c0166
SHA512

96a33f1f46a3638d6252fd79f8848c1a7f89b8ca68ee4b242096edec6005e9203c4a3203731b7ccf11b1d537c1049a7845d959e7707d2add48fa33cece0b563d

Score

10^/10

njrat da evasion persistence trojan

Malware Config

Extracted

Family

njrat

Version

im523

Botnet

da

C2

0.tcp.ngrok.io:12926

Mutex

8b37807561dd66634f141ff74bcb62fb

Attributes

reg_key
8b37807561dd66634f141ff74bcb62fb
splitter
|'|'|

Targets

- Target
  
  06eb3d1ff3e1ed7223cf3a1e4b67b591.exe
- Size
  
  103KB
- MD5
  
  06eb3d1ff3e1ed7223cf3a1e4b67b591
- SHA1
  
  dfd5887967a146fee1443b168c5b3a4392a525b0
- SHA256
  
  a64f19b56502ea2f64a13ef798bf7f096e45914f047d3565a5f21ca5125c0166
- SHA512
  
  96a33f1f46a3638d6252fd79f8848c1a7f89b8ca68ee4b242096edec6005e9203c4a3203731b7ccf11b1d537c1049a7845d959e7707d2add48fa33cece0b563d
Score

10^/10

njrat da evasion persistence trojan
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- Executes dropped EXE
- Modifies Windows Firewall
  evasion
- Drops startup file
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

njratdaevasionpersistencetrojan

behavioral2

njratdaevasionpersistencetrojan