njrat | 8f55837a7a035117a528c0da978c25c8e1e4c354681726aab63418bec3177dfb | Triage

Sharing

General

Target

8f55837a7a035117a528c0da978c25c8e1e4c354681726aab63418bec3177dfb
Size

98KB
Sample

221127-sye5jsgh32
MD5

c5db3dc96c8fb13b944e35bca89b6850
SHA1

88fa99afa6e0d60e84ee0f236ab110d4fe9ff1c6
SHA256

8f55837a7a035117a528c0da978c25c8e1e4c354681726aab63418bec3177dfb
SHA512

99d7bdbc0e78badbe01ec87c82722fe0815ec70b4878f9a350b0ba815141f63bdd79ab0f86d13ad6bc6ae8eee397ac581a65fc32cf4149edd7618a0638555a9a
SSDEEP

3072:W9DN8b6H6TwnZ1/u+qzkor/ZLvwYwT/MiY:WqZT0/fqoojZLvIMiY

Score

10^/10

njrat 1111 evasion persistence trojan

Malware Config

Extracted

Family

njrat

Version

0.7d

Botnet

1111

C2

mikpektis.no-ip.biz:1600

Mutex

49abcc42139f02af245c212e79830cd6

Attributes

reg_key
49abcc42139f02af245c212e79830cd6
splitter
|'|'|

Targets

- Target
  
  8f55837a7a035117a528c0da978c25c8e1e4c354681726aab63418bec3177dfb
- Size
  
  98KB
- MD5
  
  c5db3dc96c8fb13b944e35bca89b6850
- SHA1
  
  88fa99afa6e0d60e84ee0f236ab110d4fe9ff1c6
- SHA256
  
  8f55837a7a035117a528c0da978c25c8e1e4c354681726aab63418bec3177dfb
- SHA512
  
  99d7bdbc0e78badbe01ec87c82722fe0815ec70b4878f9a350b0ba815141f63bdd79ab0f86d13ad6bc6ae8eee397ac581a65fc32cf4149edd7618a0638555a9a
- SSDEEP
  
  3072:W9DN8b6H6TwnZ1/u+qzkor/ZLvwYwT/MiY:WqZT0/fqoojZLvIMiY
Score

10^/10

njrat 1111 evasion persistence trojan
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- Modifies Windows Firewall
  evasion
- Drops startup file
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

njrat1111evasionpersistencetrojan

behavioral2

njrat1111evasionpersistencetrojan