njrat | 81392d047dfd568341b4adc8191804dfb0567bc92eb0c60d71e2d277e6178a92 | Triage

Sharing

General

Target

81392d047dfd568341b4adc8191804dfb0567bc92eb0c60d71e2d277e6178a92
Size

1012KB
Sample

220121-3dy22acgf5
MD5

a60b0e5cd78850a7ac0912bfa464640a
SHA1

a0083fce727c42a3e5b359ce7677573175b7fee1
SHA256

81392d047dfd568341b4adc8191804dfb0567bc92eb0c60d71e2d277e6178a92
SHA512

8a9d9858fb59f7c40f13e016645c9239ec3ff33ed8f55295303cc7986493871a93123cf2df15ac1d926d9c5e80ea85fd5fb9a4f19546190d4449eba88892a0ac

Score

10^/10

njrat zzzpam persistence trojan

Malware Config

Extracted

Family

njrat

Version

0.7.3

Botnet

zzZpam

C2

dominoduck2070.duckdns.org:2093

Mutex

Chrome.exe

Attributes

reg_key
Chrome.exe
splitter
1193

Targets

- Target
  
  81392d047dfd568341b4adc8191804dfb0567bc92eb0c60d71e2d277e6178a92
- Size
  
  1012KB
- MD5
  
  a60b0e5cd78850a7ac0912bfa464640a
- SHA1
  
  a0083fce727c42a3e5b359ce7677573175b7fee1
- SHA256
  
  81392d047dfd568341b4adc8191804dfb0567bc92eb0c60d71e2d277e6178a92
- SHA512
  
  8a9d9858fb59f7c40f13e016645c9239ec3ff33ed8f55295303cc7986493871a93123cf2df15ac1d926d9c5e80ea85fd5fb9a4f19546190d4449eba88892a0ac
Score

10^/10

njrat zzzpam persistence trojan
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

njratzzzpampersistencetrojan

behavioral2

njratzzzpampersistencetrojan