njrat | c9631ad9ffaef823832bca97bc8c0a546a32ac3826af96220bb72c5fdd73856b | Triage

Sharing

General

Target

c9631ad9ffaef823832bca97bc8c0a546a32ac3826af96220bb72c5fdd73856b
Size

23KB
Sample

220520-rrysmsbcan
MD5

688dfb26a4368c7358860736f1201392
SHA1

51994d18b2cc339f1d8cb507be6f04d607d8540d
SHA256

c9631ad9ffaef823832bca97bc8c0a546a32ac3826af96220bb72c5fdd73856b
SHA512

b9e44e430fcab893f965596bb0b8adb94ee712414a1e0cef70b6497966640e264f260c8639fef837f5a87382ef16c6215187fdf0ba72c5da59ed8aca25f36350

Score

10^/10

njrat hacked evasion persistence trojan

Malware Config

Extracted

Family

njrat

Version

0.7d

Botnet

Hacked

C2

abdulaziz.ddns.net:1177

Mutex

8260cbb41b0c678f9045b3e5caec0609

Attributes

reg_key
8260cbb41b0c678f9045b3e5caec0609
splitter
|'|'|

Targets

- Target
  
  c9631ad9ffaef823832bca97bc8c0a546a32ac3826af96220bb72c5fdd73856b
- Size
  
  23KB
- MD5
  
  688dfb26a4368c7358860736f1201392
- SHA1
  
  51994d18b2cc339f1d8cb507be6f04d607d8540d
- SHA256
  
  c9631ad9ffaef823832bca97bc8c0a546a32ac3826af96220bb72c5fdd73856b
- SHA512
  
  b9e44e430fcab893f965596bb0b8adb94ee712414a1e0cef70b6497966640e264f260c8639fef837f5a87382ef16c6215187fdf0ba72c5da59ed8aca25f36350
Score

10^/10

evasion persistence njrat trojan
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- Modifies Windows Firewall
  evasion
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

njratevasionpersistencetrojan