njrat | fcfa50ca0d4dcf2bb6e96e7b7a223138068f2d6a458d2630757e3bcbe0684aaa | Triage

Sharing

General

Target

tmp/ecba483f-91b4-48f5-bdb9-4e928a6107c2_w.exe
Size

23KB
Sample

211223-fprqrshab7
MD5

253c0a7c550a95472eb3e94bdc958597
SHA1

7d0c637530af513dfa2beb7106414717520fd38b
SHA256

fcfa50ca0d4dcf2bb6e96e7b7a223138068f2d6a458d2630757e3bcbe0684aaa
SHA512

c183bda213fb008f8fc431183dbf4b7c1fb70b0bcf423205a3beea0399848ddaa75142692e386d8dfb8e61549b84ed59cb12a39151ae8b49629189f279d389e8

Score

10^/10

njrat prueba evasion persistence trojan

Malware Config

Extracted

Family

njrat

Version

0.7d

Botnet

prueba

C2

shvchosts.ddns.net:9443

Mutex

f7d3b79624476341312866012d0bbf19

Attributes

reg_key
f7d3b79624476341312866012d0bbf19
splitter
|'|'|

Targets

- Target
  
  tmp/ecba483f-91b4-48f5-bdb9-4e928a6107c2_w.exe
- Size
  
  23KB
- MD5
  
  253c0a7c550a95472eb3e94bdc958597
- SHA1
  
  7d0c637530af513dfa2beb7106414717520fd38b
- SHA256
  
  fcfa50ca0d4dcf2bb6e96e7b7a223138068f2d6a458d2630757e3bcbe0684aaa
- SHA512
  
  c183bda213fb008f8fc431183dbf4b7c1fb70b0bcf423205a3beea0399848ddaa75142692e386d8dfb8e61549b84ed59cb12a39151ae8b49629189f279d389e8
Score

10^/10

njrat evasion persistence trojan
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- Modifies Windows Firewall
  evasion
- Drops startup file
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

njratevasionpersistencetrojan

behavioral2

njratevasionpersistencetrojan