njrat | f2fb421609e2852f7e02a8ba392ae3d14323955c45cd009209983018127702d9 | Triage

Sharing

General

Target

f2fb421609e2852f7e02a8ba392ae3d14323955c45cd009209983018127702d9
Size

975KB
Sample

220324-n9a8hsdchj
MD5

ca72b73aba200b57bdc8db9e4e46bd10
SHA1

742ca0e2a07ed00c810ea3cefdf11f863044b823
SHA256

f2fb421609e2852f7e02a8ba392ae3d14323955c45cd009209983018127702d9
SHA512

2232598e4458e1d83b10c73c44cb3311dfa7f1c5a6e39e3b098b23676a9e66d1cbf12e139d852246642d619b9fbb100b94f02864dc2d1990cb426a0685cba8a2

Score

10^/10

njrat hacked by hidden person evasion persistence trojan

Malware Config

Extracted

Family

njrat

Botnet

Hacked By HiDDen PerSOn

Mutex

baefe8802707c492427873126d0983f6

Attributes

reg_key
baefe8802707c492427873126d0983f6

Targets

- Target
  
  f2fb421609e2852f7e02a8ba392ae3d14323955c45cd009209983018127702d9
- Size
  
  975KB
- MD5
  
  ca72b73aba200b57bdc8db9e4e46bd10
- SHA1
  
  742ca0e2a07ed00c810ea3cefdf11f863044b823
- SHA256
  
  f2fb421609e2852f7e02a8ba392ae3d14323955c45cd009209983018127702d9
- SHA512
  
  2232598e4458e1d83b10c73c44cb3311dfa7f1c5a6e39e3b098b23676a9e66d1cbf12e139d852246642d619b9fbb100b94f02864dc2d1990cb426a0685cba8a2
Score

10^/10

njrat hacked by hidden person evasion persistence trojan
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- Executes dropped EXE
- Modifies Windows Firewall
  evasion
- Drops startup file
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

njrathacked by hidden personevasionpersistencetrojan

behavioral2

njrathacked by hidden personpersistencetrojan