njrat | efcb3a0442e408f100a8ed2a0f06eb3e3391c05a1f82a200646428fe44985ce6 | Triage

Sharing

General

Target

efcb3a0442e408f100a8ed2a0f06eb3e3391c05a1f82a200646428fe44985ce6
Size

259KB
Sample

221126-kpvjwaac4y
MD5

902c604885675305c3888834697dcddf
SHA1

c25902824366715fddfce6410cb09301ec10a4ac
SHA256

efcb3a0442e408f100a8ed2a0f06eb3e3391c05a1f82a200646428fe44985ce6
SHA512

563a4530d6b761a9103fc821a0caee9897ed2442a2e83f4340d9c7510c4f8b00a7990e48f3db88c8e7a8d042724f348d4ac1f05968198f7bbbfea0bc88cd7f32
SSDEEP

3072:on2veCZ334TrOo1RojP71dIuvxOeCYgLAtzNGl4BD2RFTkmRwhB9:on2GcHFjOeCYgLMzNGScFwm+

Score

10^/10

njrat evasion persistence trojan

Malware Config

Targets

- Target
  
  efcb3a0442e408f100a8ed2a0f06eb3e3391c05a1f82a200646428fe44985ce6
- Size
  
  259KB
- MD5
  
  902c604885675305c3888834697dcddf
- SHA1
  
  c25902824366715fddfce6410cb09301ec10a4ac
- SHA256
  
  efcb3a0442e408f100a8ed2a0f06eb3e3391c05a1f82a200646428fe44985ce6
- SHA512
  
  563a4530d6b761a9103fc821a0caee9897ed2442a2e83f4340d9c7510c4f8b00a7990e48f3db88c8e7a8d042724f348d4ac1f05968198f7bbbfea0bc88cd7f32
- SSDEEP
  
  3072:on2veCZ334TrOo1RojP71dIuvxOeCYgLAtzNGl4BD2RFTkmRwhB9:on2GcHFjOeCYgLMzNGScFwm+
Score

10^/10

evasion persistence njrat trojan
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- Modifies Windows Firewall
  evasion
- Drops startup file
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

njratevasionpersistencetrojan