njrat | 877968fc395c36225759ca3a735c35ee708a1be05b23b35c8efa8c7b8ef86061 | Triage

Sharing

General

Target

29761cea6322ff4d985807bd6367ccd0.exe
Size

37KB
Sample

220327-tx3d5aefcn
MD5

29761cea6322ff4d985807bd6367ccd0
SHA1

c66cea52ca72cc85344a55f872a1b77fad4e895b
SHA256

877968fc395c36225759ca3a735c35ee708a1be05b23b35c8efa8c7b8ef86061
SHA512

fad86ad9faf1357259386344ac5e7b047c09dd75be017c2bfd907ba6c8c0e2a98a3102881cbba9c71f2c1259e2a72b0146be16137af3618cc675d08d9f31852e

Score

10^/10

njrat bot evasion persistence trojan

Malware Config

Extracted

Family

njrat

Version

im523

Botnet

Bot

C2

94.244.28.246:31280

Mutex

88f496bc65b64e4436a26a2698687f66

Attributes

reg_key
88f496bc65b64e4436a26a2698687f66
splitter
|'|'|

Targets

- Target
  
  29761cea6322ff4d985807bd6367ccd0.exe
- Size
  
  37KB
- MD5
  
  29761cea6322ff4d985807bd6367ccd0
- SHA1
  
  c66cea52ca72cc85344a55f872a1b77fad4e895b
- SHA256
  
  877968fc395c36225759ca3a735c35ee708a1be05b23b35c8efa8c7b8ef86061
- SHA512
  
  fad86ad9faf1357259386344ac5e7b047c09dd75be017c2bfd907ba6c8c0e2a98a3102881cbba9c71f2c1259e2a72b0146be16137af3618cc675d08d9f31852e
Score

10^/10

njrat bot evasion persistence trojan
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- Executes dropped EXE
- Modifies Windows Firewall
  evasion
- Drops startup file
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

njratbotevasionpersistencetrojan

behavioral2