njrat | dd2e456d8c219c112ebf0d877da739ee9b56800e0e32280a2fdbea3781c8d5ea | Triage

Sharing

General

Target

dd2e456d8c219c112ebf0d877da739ee9b56800e0e32280a2fdbea3781c8d5ea
Size

23KB
Sample

220121-21wdzscbb7
MD5

14c9d9e1c3f8fdb224f8877313958af5
SHA1

5db785abbfffb9f687e2ccddabd6a837383f8c4b
SHA256

dd2e456d8c219c112ebf0d877da739ee9b56800e0e32280a2fdbea3781c8d5ea
SHA512

70ae376ec36acf2d5b6bb4a3a039f5f7ef6bbdd911016c5843d582e36546bc87b98347227b58355e498bd8f183b03f3732daae9755fb9d5be6b8320ea2b30350

Score

10^/10

njrat hacked evasion persistence trojan

Malware Config

Extracted

Family

njrat

Version

0.7d

Botnet

HacKed

C2

rootx.ddns.net:1993

Mutex

4eaa2408a505bc0920f44b7eb6a94ef3

Attributes

reg_key
4eaa2408a505bc0920f44b7eb6a94ef3
splitter
|'|'|

Targets

- Target
  
  dd2e456d8c219c112ebf0d877da739ee9b56800e0e32280a2fdbea3781c8d5ea
- Size
  
  23KB
- MD5
  
  14c9d9e1c3f8fdb224f8877313958af5
- SHA1
  
  5db785abbfffb9f687e2ccddabd6a837383f8c4b
- SHA256
  
  dd2e456d8c219c112ebf0d877da739ee9b56800e0e32280a2fdbea3781c8d5ea
- SHA512
  
  70ae376ec36acf2d5b6bb4a3a039f5f7ef6bbdd911016c5843d582e36546bc87b98347227b58355e498bd8f183b03f3732daae9755fb9d5be6b8320ea2b30350
Score

10^/10

njrat hacked evasion persistence trojan
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- Executes dropped EXE
- Modifies Windows Firewall
  evasion
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

njrathackedevasionpersistencetrojan

behavioral2

njrathackedevasionpersistencetrojan