njrat | hxxp://20[.]7[.]14[.]99/server/ | Triage

Submit
Reports

Overview

overview

Static

static

URLScan

urlscan

1

http://20.7.14.99/se...

windows7-x64

http://20.7.14.99/se...

windows10-2004-x64

Resubmissions

08-09-2022 17:44

220908-wblklafbe7 3

07-09-2022 00:27

220907-arqnlaafh7 1

05-09-2022 16:52

220905-vdthjsehd3 3

05-09-2022 16:42

220905-t7p7jsegc2 7

05-09-2022 16:37

220905-t49f1sefh3 3

31-08-2022 06:37

220831-hdwlpabhc7 1

31-08-2022 06:32

220831-haw32sabhk 10

31-08-2022 05:40

220831-gcy5rahffl 10

Sharing

General

Target

http://20.7.14.99/server/
Sample

220831-haw32sabhk

Score

10^/10

njrat hacked evasion persistence trojan

Static task

static1

URLScan task

urlscan1

Behavioral task

behavioral1

Sample

http://20.7.14.99/server/

Resource

win7-20220812-en

njrat hacked evasion persistence trojan

windows7-x64

14 signatures

150 seconds

Behavioral task

behavioral2

Sample

http://20.7.14.99/server/

Resource

win10v2004-20220812-en

njrat hacked evasion persistence trojan

windows10-2004-x64

15 signatures

150 seconds

Malware Config

Extracted

Family

njrat

Version

0.7d

Botnet

HacKed

C2

20.7.14.99:5552

Mutex

9636f5e673cfb8069e1ef3d1f8bc784b

Attributes

reg_key
9636f5e673cfb8069e1ef3d1f8bc784b
splitter
|'|'|

Targets

- Target
  
  http://20.7.14.99/server/
Score

10^/10

njrat hacked evasion persistence trojan
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- Downloads MZ/PE file
- Executes dropped EXE
- Modifies Windows Firewall
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

urlscan1

behavioral1

njrathackedevasionpersistencetrojan

behavioral2

njrathackedevasionpersistencetrojan

© 2018-2024

Terms | Privacy