njrat | e4d1ed3eca417e52557775993d92b2b024142a5ddb45ea7a3a6dda5e13c0996e | Triage

Sharing

General

Target

e4d1ed3eca417e52557775993d92b2b024142a5ddb45ea7a3a6dda5e13c0996e
Size

32KB
Sample

220201-p3bq5shcam
MD5

c46951673df2e5eedcb916b5a8497561
SHA1

1b889a45bb44e82a93f6932f1223445c4c3af313
SHA256

e4d1ed3eca417e52557775993d92b2b024142a5ddb45ea7a3a6dda5e13c0996e
SHA512

5db169c8f54726f24dca95be063fdb436fad272163fcff3ac47c24a99766756570fd78f933e73f77227e5722d7f41706407f79c74e6f8bc48efc591924f17afb

Score

10^/10

njrat sad nigga hours evasion persistence trojan

Malware Config

Extracted

Family

njrat

Botnet

SAD NIGGA HOURS

Mutex

06ba6a3d895af3b2b6823852ec271c67

Attributes

reg_key
06ba6a3d895af3b2b6823852ec271c67

Targets

- Target
  
  e4d1ed3eca417e52557775993d92b2b024142a5ddb45ea7a3a6dda5e13c0996e
- Size
  
  32KB
- MD5
  
  c46951673df2e5eedcb916b5a8497561
- SHA1
  
  1b889a45bb44e82a93f6932f1223445c4c3af313
- SHA256
  
  e4d1ed3eca417e52557775993d92b2b024142a5ddb45ea7a3a6dda5e13c0996e
- SHA512
  
  5db169c8f54726f24dca95be063fdb436fad272163fcff3ac47c24a99766756570fd78f933e73f77227e5722d7f41706407f79c74e6f8bc48efc591924f17afb
Score

10^/10

njrat sad nigga hours evasion persistence trojan
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- Executes dropped EXE
- Modifies Windows Firewall
  evasion
- Sets service image path in registry
  persistence
- Drops startup file
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

sad nigga hoursnjrat

behavioral1

njratsad nigga hoursevasionpersistencetrojan

behavioral2