njrat | 57fdfbe8acee9032a6c2a32d3c2e10617950d20172377609a19837bd483946b2 | Triage

Sharing

General

Target

57fdfbe8acee9032a6c2a32d3c2e10617950d20172377609a19837bd483946b2
Size

31KB
Sample

220520-3n412ahcc2
MD5

4f3e84c18e3a34702425f1b18dfd9175
SHA1

40230d16bc9a3a44ecb1b0ce56ca0ddde7180828
SHA256

57fdfbe8acee9032a6c2a32d3c2e10617950d20172377609a19837bd483946b2
SHA512

8a8aa5b19f5138029fe0fb36ef0165984e1a112e16ff3a3fe79395cf0eea8490cac48b9043d2d6a6ed046433e76aab38e7f817f25b2dc0fd04abe7e773c3d7ee

Score

10^/10

njrat mybot evasion persistence trojan

Malware Config

Extracted

Family

njrat

Version

0.7d

Botnet

MyBot

C2

192.168.1.102:6522

Mutex

c2f9fbb16b6483ddb3e9b4ef16e4325b

Attributes

reg_key
c2f9fbb16b6483ddb3e9b4ef16e4325b
splitter
Y262SUCZ4UJJ

Targets

- Target
  
  57fdfbe8acee9032a6c2a32d3c2e10617950d20172377609a19837bd483946b2
- Size
  
  31KB
- MD5
  
  4f3e84c18e3a34702425f1b18dfd9175
- SHA1
  
  40230d16bc9a3a44ecb1b0ce56ca0ddde7180828
- SHA256
  
  57fdfbe8acee9032a6c2a32d3c2e10617950d20172377609a19837bd483946b2
- SHA512
  
  8a8aa5b19f5138029fe0fb36ef0165984e1a112e16ff3a3fe79395cf0eea8490cac48b9043d2d6a6ed046433e76aab38e7f817f25b2dc0fd04abe7e773c3d7ee
Score

10^/10

evasion persistence njrat trojan
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- Modifies Windows Firewall
  evasion
- Drops startup file
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

njratevasionpersistencetrojan