njrat | 09d0cd4748be6b5295590631c6eef84bc581263f5b51d0004822fa08fbb4fd17 | Triage

Sharing

General

Target

09d0cd4748be6b5295590631c6eef84bc581263f5b51d0004822fa08fbb4fd17
Size

157KB
Sample

220520-3b459sgfb3
MD5

5c90fb934cca08cbdbf45b0859ded3fe
SHA1

49eb65e8e323fd4ed0e55b6e5f5a1feb62f9fd2a
SHA256

09d0cd4748be6b5295590631c6eef84bc581263f5b51d0004822fa08fbb4fd17
SHA512

4b3ee48b31c2e0f9692382085aa18c98f5e28097836d10da646619ed5990c8f056ffd06165e0c2a0737363c2ca96e72ed64b0e989145f8821a1edd3052277779

Score

10^/10

njrat evasion persistence trojan

Malware Config

Targets

- Target
  
  09d0cd4748be6b5295590631c6eef84bc581263f5b51d0004822fa08fbb4fd17
- Size
  
  157KB
- MD5
  
  5c90fb934cca08cbdbf45b0859ded3fe
- SHA1
  
  49eb65e8e323fd4ed0e55b6e5f5a1feb62f9fd2a
- SHA256
  
  09d0cd4748be6b5295590631c6eef84bc581263f5b51d0004822fa08fbb4fd17
- SHA512
  
  4b3ee48b31c2e0f9692382085aa18c98f5e28097836d10da646619ed5990c8f056ffd06165e0c2a0737363c2ca96e72ed64b0e989145f8821a1edd3052277779
Score

10^/10

evasion persistence njrat trojan
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- Modifies Windows Firewall
  evasion
- Drops startup file
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

njratevasionpersistencetrojan