njrat | 306437a282f51a0c6ecd6e3eaab2ef9fc376973da40ae0972bee7ea3839d0909 | Triage

Sharing

General

Target

306437A282F51A0C6ECD6E3EAAB2EF9FC376973DA40AE.exe
Size

27KB
Sample

220102-xhg2esafg6
MD5

03aaaf240a48f950913695178125016a
SHA1

b7fe1523b02d05539f769f4beead332e5f0e18bc
SHA256

306437a282f51a0c6ecd6e3eaab2ef9fc376973da40ae0972bee7ea3839d0909
SHA512

6af11725e06efd01ca1429e567ca93d608436b165a23229eea623e25291967ce3f057af5c596974d86a5e0c55b38a27a0b121471f2b49cd25c543e77ce09460d

Score

10^/10

njrat hacked persistence trojan

Malware Config

Extracted

Family

njrat

Version

v2.0

Botnet

HacKed

C2

zaki-botnet.portmap.host:5222

Mutex

Windows

Attributes

reg_key
Windows
splitter
|-F-|

Targets

- Target
  
  306437A282F51A0C6ECD6E3EAAB2EF9FC376973DA40AE.exe
- Size
  
  27KB
- MD5
  
  03aaaf240a48f950913695178125016a
- SHA1
  
  b7fe1523b02d05539f769f4beead332e5f0e18bc
- SHA256
  
  306437a282f51a0c6ecd6e3eaab2ef9fc376973da40ae0972bee7ea3839d0909
- SHA512
  
  6af11725e06efd01ca1429e567ca93d608436b165a23229eea623e25291967ce3f057af5c596974d86a5e0c55b38a27a0b121471f2b49cd25c543e77ce09460d
Score

10^/10

njrat hacked persistence trojan
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- Executes dropped EXE
- Drops startup file
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

njrathackedpersistencetrojan

behavioral2

njrathackedpersistencetrojan