njrat | c03ecd84149d907b8f5d94cc0a05f17c992e14fe6edadacf6fcd4e2c24ad4225 | Triage

Sharing

General

Target

c03ecd84149d907b8f5d94cc0a05f17c992e14fe6edadacf6fcd4e2c24ad4225
Size

31KB
Sample

220520-1vgszaecf8
MD5

beb395aa0e40752fb1723a1244a6bccd
SHA1

5be7634c81e1d315fd4fcd136f8835f7adfad34d
SHA256

c03ecd84149d907b8f5d94cc0a05f17c992e14fe6edadacf6fcd4e2c24ad4225
SHA512

4422f469612f668edc07fb9c85c3524746765777245708f9370485182dbbbb903882b3be302224c7f7f847920cccf22b98aca9b01fc4e8b512aa59c4163c34ed

Score

10^/10

njrat chit na roblox evasion persistence trojan

Malware Config

Extracted

Family

njrat

Version

0.7d

Botnet

chit na roblox

C2

192.168.0.11:7777

Mutex

edaa08b2575d115392c90c3f5fc35ac1

Attributes

reg_key
edaa08b2575d115392c90c3f5fc35ac1
splitter
Y262SUCZ4UJJ

Targets

- Target
  
  c03ecd84149d907b8f5d94cc0a05f17c992e14fe6edadacf6fcd4e2c24ad4225
- Size
  
  31KB
- MD5
  
  beb395aa0e40752fb1723a1244a6bccd
- SHA1
  
  5be7634c81e1d315fd4fcd136f8835f7adfad34d
- SHA256
  
  c03ecd84149d907b8f5d94cc0a05f17c992e14fe6edadacf6fcd4e2c24ad4225
- SHA512
  
  4422f469612f668edc07fb9c85c3524746765777245708f9370485182dbbbb903882b3be302224c7f7f847920cccf22b98aca9b01fc4e8b512aa59c4163c34ed
Score

10^/10

evasion persistence njrat trojan
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- Modifies Windows Firewall
  evasion
- Drops startup file
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

chit na robloxnjrat

behavioral1

evasionpersistence

behavioral2

njratevasionpersistencetrojan