njrat | hxxp://20[.]7[.]14[.]99/server/

Resubmissions

08/09/2022, 17:44

220908-wblklafbe7 3

07/09/2022, 00:27

05/09/2022, 16:52

05/09/2022, 16:42

05/09/2022, 16:37

31/08/2022, 06:37

31/08/2022, 06:32

31/08/2022, 05:40

Sharing

Copy URL Twitter E-mail

General

Target

http://20.7.14.99/server/
Sample

220831-haw32sabhk

Score

10^/10

Malware Config

Extracted

Family

njrat

Version

0.7d

Botnet

HacKed

20.7.14.99:5552

Mutex

9636f5e673cfb8069e1ef3d1f8bc784b

Attributes

reg_key
9636f5e673cfb8069e1ef3d1f8bc784b
splitter
|'|'|

Targets

- Target
  
  http://20.7.14.99/server/
Score

10^/10

njrat hacked evasion persistence trojan
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- Downloads MZ/PE file
- Executes dropped EXE
- Modifies Windows Firewall
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Modify Existing Service

T1031

Registry Run Keys / Startup Folder

T1060

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Resubmissions

Sharing

General

Malware Config

Extracted

Targets

njRAT/Bladabindi

Downloads MZ/PE file

Executes dropped EXE

Modifies Windows Firewall

Checks computer location settings

Drops startup file

Loads dropped DLL

Adds Run key to start application

MITRE ATT&CK Enterprise v6

Tasks

static1

urlscan1

behavioral1

behavioral2