njrat | f584cfad98b43127b4926e288402c3f378355f3f4a8542a366081beff470fc07 | Triage

Sharing

General

Target

f584cfad98b43127b4926e288402c3f378355f3f4a8542a366081beff470fc07
Size

23KB
Sample

221125-hjrvpacd9v
MD5

50d5a3fd05dd566e0a74d5e0ea7f1ac8
SHA1

33262c57bab468629d622047204daa8abdb90058
SHA256

f584cfad98b43127b4926e288402c3f378355f3f4a8542a366081beff470fc07
SHA512

a0c272b2e0d3d031c654a6f0481304dafbafd4a73d3fcd9f3e6e009272c477f0d887d523ee768b861f5e228b1c4f72f905398885951ee0ba33538e5d3b65f0d8
SSDEEP

384:+Gwz6+T4IjWZFNwXU0eiNUB+vt6NgT+lLOhXxQmRvR6JZlbw8hqIusZzZtc:qTbC81NNRpcnuF

Score

10^/10

njrat 4 evasion persistence trojan

Malware Config

Extracted

Family

njrat

Version

0.7d

Botnet

4

C2

kadimon1.no-ip.info:5243

Mutex

20b288331ea1f38d82005df62f97b2b1

Attributes

reg_key
20b288331ea1f38d82005df62f97b2b1
splitter
|'|'|

Targets

- Target
  
  f584cfad98b43127b4926e288402c3f378355f3f4a8542a366081beff470fc07
- Size
  
  23KB
- MD5
  
  50d5a3fd05dd566e0a74d5e0ea7f1ac8
- SHA1
  
  33262c57bab468629d622047204daa8abdb90058
- SHA256
  
  f584cfad98b43127b4926e288402c3f378355f3f4a8542a366081beff470fc07
- SHA512
  
  a0c272b2e0d3d031c654a6f0481304dafbafd4a73d3fcd9f3e6e009272c477f0d887d523ee768b861f5e228b1c4f72f905398885951ee0ba33538e5d3b65f0d8
- SSDEEP
  
  384:+Gwz6+T4IjWZFNwXU0eiNUB+vt6NgT+lLOhXxQmRvR6JZlbw8hqIusZzZtc:qTbC81NNRpcnuF
Score

10^/10

njrat 4 evasion persistence trojan
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- Executes dropped EXE
- Modifies Windows Firewall
  evasion
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

njrat4evasionpersistencetrojan

behavioral2