njrat | f14dee8058e2a8c371f5db38d937a824a0ce9099513a001ac9eb9133f53c2d0c | Triage

Sharing

General

Target

f14dee8058e2a8c371f5db38d937a824a0ce9099513a001ac9eb9133f53c2d0c
Size

159KB
Sample

220520-1y9m6aedh2
MD5

f6059e332e31a0fca90cadc7a4fe0f63
SHA1

82aac1683987885cff1c3048bad86452ab86b402
SHA256

f14dee8058e2a8c371f5db38d937a824a0ce9099513a001ac9eb9133f53c2d0c
SHA512

c766658a190087bc5a81da5b10e8d484120115fca3923a863baf4b667f9ab8afed16b7bc7fd536883d14f031bccb5cec3a755b94d99c2f65ac1ec8aa88fdd7a6

Score

10^/10

njrat evasion persistence trojan

Malware Config

Targets

- Target
  
  f14dee8058e2a8c371f5db38d937a824a0ce9099513a001ac9eb9133f53c2d0c
- Size
  
  159KB
- MD5
  
  f6059e332e31a0fca90cadc7a4fe0f63
- SHA1
  
  82aac1683987885cff1c3048bad86452ab86b402
- SHA256
  
  f14dee8058e2a8c371f5db38d937a824a0ce9099513a001ac9eb9133f53c2d0c
- SHA512
  
  c766658a190087bc5a81da5b10e8d484120115fca3923a863baf4b667f9ab8afed16b7bc7fd536883d14f031bccb5cec3a755b94d99c2f65ac1ec8aa88fdd7a6
Score

10^/10

evasion persistence njrat trojan
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- Modifies Windows Firewall
  evasion
- Drops startup file
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

njratevasionpersistencetrojan