njrat | 814a0b12bfb5ecc8f4075386f0ae709ed5205e47f9b3507a5044d64e387ed400 | Triage

Sharing

General

Target

814a0b12bfb5ecc8f4075386f0ae709ed5205e47f9b3507a5044d64e387ed400
Size

129KB
Sample

220129-gfdcfsedc4
MD5

02ee963115af7db8b3ba7df8c8b53611
SHA1

1e11a53ad9c20bb9fc3c7a9d7c35168189df1464
SHA256

814a0b12bfb5ecc8f4075386f0ae709ed5205e47f9b3507a5044d64e387ed400
SHA512

0bdbf2dda800dd65b98214d507cb954986b4ea732ca1ef4f319858ceb525163dea8ba651a74e7b0cdbb81e37285da3b5b8746b432be04d6c7ede683357275070

Score

10^/10

njrat evasion persistence trojan

Malware Config

Targets

- Target
  
  814a0b12bfb5ecc8f4075386f0ae709ed5205e47f9b3507a5044d64e387ed400
- Size
  
  129KB
- MD5
  
  02ee963115af7db8b3ba7df8c8b53611
- SHA1
  
  1e11a53ad9c20bb9fc3c7a9d7c35168189df1464
- SHA256
  
  814a0b12bfb5ecc8f4075386f0ae709ed5205e47f9b3507a5044d64e387ed400
- SHA512
  
  0bdbf2dda800dd65b98214d507cb954986b4ea732ca1ef4f319858ceb525163dea8ba651a74e7b0cdbb81e37285da3b5b8746b432be04d6c7ede683357275070
Score

10^/10

njrat evasion persistence trojan
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- Executes dropped EXE
- Modifies Windows Firewall
  evasion
- Drops startup file
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

njratevasionpersistencetrojan

behavioral2

njratevasionpersistencetrojan