njrat | 94da1350b6e8e3e7fbab0df965d5d29c24e7029746d5908c1d0778b5d65ef1e8 | Triage

Sharing

General

Target

94da1350b6e8e3e7fbab0df965d5d29c24e7029746d5908c1d0778b5d65ef1e8
Size

705KB
Sample

220520-3pq6kacbgl
MD5

a417bd210ba1cac6f5583a46f717c927
SHA1

ff6ea4714d231b8762203740b6e1142a56fae458
SHA256

94da1350b6e8e3e7fbab0df965d5d29c24e7029746d5908c1d0778b5d65ef1e8
SHA512

b95085a8d5739d5cc22de84b8319cbf4d9f4aa0c2397a403e27e493be80a857f27ebeba61f856b90f55dbb938c94c2443171c5b4d7d2ec1d0817cfea7fd9f924

Score

10^/10

njrat mybot evasion persistence trojan

Malware Config

Extracted

Family

njrat

Version

0.7d

Botnet

MyBot

C2

127.0.0.1:6522

Mutex

f4dd36e85bd93926452630eb2bb82274

Attributes

reg_key
f4dd36e85bd93926452630eb2bb82274
splitter
Y262SUCZ4UJJ

Targets

- Target
  
  94da1350b6e8e3e7fbab0df965d5d29c24e7029746d5908c1d0778b5d65ef1e8
- Size
  
  705KB
- MD5
  
  a417bd210ba1cac6f5583a46f717c927
- SHA1
  
  ff6ea4714d231b8762203740b6e1142a56fae458
- SHA256
  
  94da1350b6e8e3e7fbab0df965d5d29c24e7029746d5908c1d0778b5d65ef1e8
- SHA512
  
  b95085a8d5739d5cc22de84b8319cbf4d9f4aa0c2397a403e27e493be80a857f27ebeba61f856b90f55dbb938c94c2443171c5b4d7d2ec1d0817cfea7fd9f924
Score

10^/10

njrat mybot evasion persistence trojan
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- Executes dropped EXE
- Modifies Windows Firewall
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

njratmybotevasionpersistencetrojan

behavioral2

njratmybotevasionpersistencetrojan