njrat | 9ba526eaa176389b20e270129a403934a9625fdee27f1ad36ed20289f178421c | Triage

Sharing

General

Target

#461432638.exe
Size

979KB
Sample

220121-vxkdzsade2
MD5

29bf474d20e0b17a36577c6e903e8afb
SHA1

11cf027edff4d91c634b23972c612a9998b7173f
SHA256

9ba526eaa176389b20e270129a403934a9625fdee27f1ad36ed20289f178421c
SHA512

bab8419ec4c686e01f173ee23a21c4345c8e2f0cf1bd32d7302993b0cdc513b897563f7bb14b589b7920aedec4c027d74fa8924c72a11c83884ddc5b74484cb4

Score

10^/10

njrat hacked evasion persistence trojan

Malware Config

Extracted

Family

njrat

Version

1.9

Botnet

HacKed

Mutex

Microsoft.Exe

Attributes

reg_key
Microsoft.Exe

Targets

- Target
  
  #461432638.exe
- Size
  
  979KB
- MD5
  
  29bf474d20e0b17a36577c6e903e8afb
- SHA1
  
  11cf027edff4d91c634b23972c612a9998b7173f
- SHA256
  
  9ba526eaa176389b20e270129a403934a9625fdee27f1ad36ed20289f178421c
- SHA512
  
  bab8419ec4c686e01f173ee23a21c4345c8e2f0cf1bd32d7302993b0cdc513b897563f7bb14b589b7920aedec4c027d74fa8924c72a11c83884ddc5b74484cb4
Score

10^/10

njrat hacked evasion persistence trojan
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- Modifies Windows Firewall
  evasion
- Drops startup file
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scheduled Task

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Modify Registry

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

njrathackedevasionpersistencetrojan

behavioral2

njrathackedevasionpersistencetrojan