njrat | 45144dac6f0fb2288e9907e24c33e5a5564e5a37c5d23dca2c12c64772dba35b | Triage

Sharing

General

Target

45144dac6f0fb2288e9907e24c33e5a5564e5a37c5d23dca2c12c64772dba35b
Size

31KB
Sample

220707-vrydnaebf6
MD5

5e55765ec97ccc7d6ecfbdf6e9f26155
SHA1

4e78bb01e58c5ebe489912828ec7eb46a0337ab9
SHA256

45144dac6f0fb2288e9907e24c33e5a5564e5a37c5d23dca2c12c64772dba35b
SHA512

b7cb676a66420a0ebb54d12f7d9282d640ef253a6ed7974dc0a1c790ca632116b97c63f25cbc5ac5a968c37130e50978d6c32ae13714337ac7e02511a5eee152

Score

10^/10

njrat shopopony evasion persistence trojan

Malware Config

Extracted

Family

njrat

Version

0.7d

Botnet

ShopOpony

C2

91.234.146.123:6969

Mutex

950a99e57bf5a95e96d7a7e6cec86031

Attributes

reg_key
950a99e57bf5a95e96d7a7e6cec86031
splitter
Y262SUCZ4UJJ

Targets

- Target
  
  45144dac6f0fb2288e9907e24c33e5a5564e5a37c5d23dca2c12c64772dba35b
- Size
  
  31KB
- MD5
  
  5e55765ec97ccc7d6ecfbdf6e9f26155
- SHA1
  
  4e78bb01e58c5ebe489912828ec7eb46a0337ab9
- SHA256
  
  45144dac6f0fb2288e9907e24c33e5a5564e5a37c5d23dca2c12c64772dba35b
- SHA512
  
  b7cb676a66420a0ebb54d12f7d9282d640ef253a6ed7974dc0a1c790ca632116b97c63f25cbc5ac5a968c37130e50978d6c32ae13714337ac7e02511a5eee152
Score

10^/10

evasion persistence njrat trojan
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- Modifies Windows Firewall
  evasion
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

njratevasionpersistencetrojan