njrat | 16711fb77b9bdbb54d864698ea4a44f69f341569814a839edb62843ddfaa06fe | Triage

Sharing

General

Target

16711fb77b9bdbb54d864698ea4a44f69f341569814a839edb62843ddfaa06fe
Size

23KB
Sample

220326-xq8jcagce2
MD5

15d26cca384c7fbd2359d68cabf160a9
SHA1

0ee750df654399e0021d7d6176f332a32b4ca9ec
SHA256

16711fb77b9bdbb54d864698ea4a44f69f341569814a839edb62843ddfaa06fe
SHA512

e112d0bd235979d4fdcd7f2cb29d7ee5b52631bea7117e04ee49e520c7546a862da78e7c125ade31a74ded962986039add8fe5b26ce000cf4d39b78933c0290d

Score

10^/10

njrat backup evasion persistence trojan

Malware Config

Extracted

Family

njrat

Version

0.7d

Botnet

BackUp

C2

2.56.214.165:5552

Mutex

23d12d0af84ec3be5752121ae56aa4db

Attributes

reg_key
23d12d0af84ec3be5752121ae56aa4db
splitter
|'|'|

Targets

- Target
  
  16711fb77b9bdbb54d864698ea4a44f69f341569814a839edb62843ddfaa06fe
- Size
  
  23KB
- MD5
  
  15d26cca384c7fbd2359d68cabf160a9
- SHA1
  
  0ee750df654399e0021d7d6176f332a32b4ca9ec
- SHA256
  
  16711fb77b9bdbb54d864698ea4a44f69f341569814a839edb62843ddfaa06fe
- SHA512
  
  e112d0bd235979d4fdcd7f2cb29d7ee5b52631bea7117e04ee49e520c7546a862da78e7c125ade31a74ded962986039add8fe5b26ce000cf4d39b78933c0290d
Score

10^/10

njrat backup evasion persistence trojan
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- Executes dropped EXE
- Modifies Windows Firewall
  evasion
- Drops startup file
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

njratbackupevasionpersistencetrojan

behavioral2