njrat | 678c6d8585a6f5b73f1fb953852d72b18af35da4566248098ff1f13384977167 | Triage

Sharing

General

Target

678c6d8585a6f5b73f1fb953852d72b18af35da4566248098ff1f13384977167
Size

151KB
Sample

220520-hy9daaabhl
MD5

de60ed7b81a44cc3f849f7d9cc1bc012
SHA1

116f0f25f3bccfaf3aeedd410c82aca5ff707a51
SHA256

678c6d8585a6f5b73f1fb953852d72b18af35da4566248098ff1f13384977167
SHA512

66ef7f125012a489e70e83e99d99a688df2b7c698447264fa8aca4b1e6b3b3bc35f62d09e4b48e75e7e27511f29db491cc7a0c44d5067a517a8878f5567de1fe

Score

10^/10

njrat hacked evasion persistence trojan

Malware Config

Extracted

Family

njrat

Version

0.7d

Botnet

HacKed

C2

194.5.98.252:4040

Mutex

33f7a57b89a02bde4760bf8635bffaec

Attributes

reg_key
33f7a57b89a02bde4760bf8635bffaec
splitter
|'|'|

Targets

- Target
  
  678c6d8585a6f5b73f1fb953852d72b18af35da4566248098ff1f13384977167
- Size
  
  151KB
- MD5
  
  de60ed7b81a44cc3f849f7d9cc1bc012
- SHA1
  
  116f0f25f3bccfaf3aeedd410c82aca5ff707a51
- SHA256
  
  678c6d8585a6f5b73f1fb953852d72b18af35da4566248098ff1f13384977167
- SHA512
  
  66ef7f125012a489e70e83e99d99a688df2b7c698447264fa8aca4b1e6b3b3bc35f62d09e4b48e75e7e27511f29db491cc7a0c44d5067a517a8878f5567de1fe
Score

10^/10

njrat hacked evasion persistence trojan
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- Executes dropped EXE
- Modifies Windows Firewall
  evasion
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

njrathackedevasionpersistencetrojan

behavioral2

njrathackedevasionpersistencetrojan