njrat | dfd64e1ef1c5f78a9ffaf9484ad944428a42c506d4bdd4abd06c36af1286f830 | Triage

Sharing

General

Target

dfd64e1ef1c5f78a9ffaf9484ad944428a42c506d4bdd4abd06c36af1286f830
Size

23KB
Sample

220106-hptapsbaf6
MD5

2fa7c63ebf9d914771859f491962d1c6
SHA1

35e2a1c81246bf5f8db26f5cd3ceec4b204437ee
SHA256

dfd64e1ef1c5f78a9ffaf9484ad944428a42c506d4bdd4abd06c36af1286f830
SHA512

ca202dc03f07fbce078e93d9f4b6c58fdd1554e633e4ddb9aecfbce2dacd16dff2dda6a8063526926e445fa6f667020f2146ed78921f57213b10739d257cc5ef

Score

10^/10

njrat hacked evasion persistence trojan

Malware Config

Extracted

Family

njrat

Version

0.7d

Botnet

HacKed

C2

stub.ignorelist.com:5552

Mutex

a9e33c55fed81c9768296d22e0804298

Attributes

reg_key
a9e33c55fed81c9768296d22e0804298
splitter
|'|'|

Targets

- Target
  
  dfd64e1ef1c5f78a9ffaf9484ad944428a42c506d4bdd4abd06c36af1286f830
- Size
  
  23KB
- MD5
  
  2fa7c63ebf9d914771859f491962d1c6
- SHA1
  
  35e2a1c81246bf5f8db26f5cd3ceec4b204437ee
- SHA256
  
  dfd64e1ef1c5f78a9ffaf9484ad944428a42c506d4bdd4abd06c36af1286f830
- SHA512
  
  ca202dc03f07fbce078e93d9f4b6c58fdd1554e633e4ddb9aecfbce2dacd16dff2dda6a8063526926e445fa6f667020f2146ed78921f57213b10739d257cc5ef
Score

10^/10

njrat hacked evasion persistence trojan
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- Executes dropped EXE
- Modifies Windows Firewall
  evasion
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

njrathackedevasionpersistencetrojan

behavioral2

njrathackedevasionpersistencetrojan