njrat | c3009a51b416c6a22a6c044cbf0b7a9a9b863a7632da9a4e01efc08aec2bd37e

General

Target

c3009a51b416c6a22a6c044cbf0b7a9a9b863a7632da9a4e01efc08aec2bd37e
Size

546KB
Sample

220129-sjb5cadbc5
MD5

d297e0db6d63a952b08b6f0e3fe101e7
SHA1

52da80a4605dd658284a4a510861ed875bfb3dd4
SHA256

c3009a51b416c6a22a6c044cbf0b7a9a9b863a7632da9a4e01efc08aec2bd37e
SHA512

66224735ce06bb86a5d28e4c7d2afe0f06865a0e669ddfdbbac5bcf34e27c5955bede4562517b67cd63320b625b37928c6e5b8267c6dafd7bd37ce583fffc451

Score

10^/10

Malware Config

Extracted

Family

njrat

Version

0.7d

Botnet

HacKed

C2

fun4.dynu.com:448

Mutex

cbc1d7b7c6f9fb9936651e38f1223080

Attributes

reg_key
cbc1d7b7c6f9fb9936651e38f1223080
splitter
|'|'|

Targets

- Target
  
  c3009a51b416c6a22a6c044cbf0b7a9a9b863a7632da9a4e01efc08aec2bd37e
- Size
  
  546KB
- MD5
  
  d297e0db6d63a952b08b6f0e3fe101e7
- SHA1
  
  52da80a4605dd658284a4a510861ed875bfb3dd4
- SHA256
  
  c3009a51b416c6a22a6c044cbf0b7a9a9b863a7632da9a4e01efc08aec2bd37e
- SHA512
  
  66224735ce06bb86a5d28e4c7d2afe0f06865a0e669ddfdbbac5bcf34e27c5955bede4562517b67cd63320b625b37928c6e5b8267c6dafd7bd37ce583fffc451
Score

10^/10

njrat hacked evasion persistence trojan
- Registers COM server for autorun
  persistence
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- Executes dropped EXE
- Modifies Windows Firewall
  evasion
- Drops startup file
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Modify Existing Service

1

T1031

Registry Run Keys / Startup Folder

1

T1060

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Registers COM server for autorun

njRAT/Bladabindi

Executes dropped EXE

Modifies Windows Firewall

Drops startup file

Loads dropped DLL

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2