njrat | 5aeabf6af7ec72e14269699ca9c32c42b278b620c523efacd06316b09764acb4 | Triage

Sharing

General

Target

5aeabf6af7ec72e14269699ca9c32c42b278b620c523efacd06316b09764acb4
Size

216KB
Sample

220121-3lch1adbd4
MD5

90b1135d0678e51273bdd36523b59f98
SHA1

827ec99df4e10e99e4095a8ddbb95398a90ae728
SHA256

5aeabf6af7ec72e14269699ca9c32c42b278b620c523efacd06316b09764acb4
SHA512

b8b26661053a81eaf9f86109d947ef07f30bbf77113e67bc7e2397dfafeeebd37b279801b0c3edc759dedb68659ec494f963824423a85809c0a4c7aa81167727

Score

10^/10

njrat fifa 2020 persistence trojan

Malware Config

Extracted

Family

njrat

Version

0.7.3

Botnet

FIFA 2020

C2

federa.duckdns.org:1990

Mutex

Client.exe

Attributes

reg_key
Client.exe
splitter
1990

Targets

- Target
  
  5aeabf6af7ec72e14269699ca9c32c42b278b620c523efacd06316b09764acb4
- Size
  
  216KB
- MD5
  
  90b1135d0678e51273bdd36523b59f98
- SHA1
  
  827ec99df4e10e99e4095a8ddbb95398a90ae728
- SHA256
  
  5aeabf6af7ec72e14269699ca9c32c42b278b620c523efacd06316b09764acb4
- SHA512
  
  b8b26661053a81eaf9f86109d947ef07f30bbf77113e67bc7e2397dfafeeebd37b279801b0c3edc759dedb68659ec494f963824423a85809c0a4c7aa81167727
Score

10^/10

njrat fifa 2020 persistence trojan
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scheduled Task

Persistence

Registry Run Keys / Startup Folder

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Modify Registry

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

njratfifa 2020persistencetrojan

behavioral2

njratfifa 2020persistencetrojan