njrat | dfd1bee3ed292173e7227059431ec28a4bb3f66eb21bc4553737d71715282669 | Triage

Sharing

General

Target

Server.exe
Size

806KB
Sample

221226-xfqwjsdd99
MD5

c0db2c222008fee946d5b2ba4fb157b2
SHA1

d239a776d1a56423950b05a8dfa48baad49b4806
SHA256

dfd1bee3ed292173e7227059431ec28a4bb3f66eb21bc4553737d71715282669
SHA512

b6c7c9652b62db2fe92e810b71c88a463bd9a59adb4f58980a03ca57e1209f5cd94df278cfc54882ac718b7be0abbc338cc0cfec38c2874e107f37a99c6d4430
SSDEEP

12288:8Jy90Zzik406D2jedlhjpRftS7ibdoQzzIVlFFpmub4IjpRbQMbP6kz3:Oyoin06D2adrjpRocoQHIVjZNFQMbnT

Score

10^/10

njrat pr0xed evasion persistence trojan

Malware Config

Extracted

Family

njrat

Version

0.7d

Botnet

Pr0xed

C2

FRANSESCOzcuNzcuFRANSESCOjFRANSESCO5LjIzOQStrikStrik:NDI0MjA=

Mutex

30d8b46abd9407809a9e0bb4c05a740d

Attributes

reg_key
30d8b46abd9407809a9e0bb4c05a740d
splitter
|'|'|

Targets

- Target
  
  Server.exe
- Size
  
  806KB
- MD5
  
  c0db2c222008fee946d5b2ba4fb157b2
- SHA1
  
  d239a776d1a56423950b05a8dfa48baad49b4806
- SHA256
  
  dfd1bee3ed292173e7227059431ec28a4bb3f66eb21bc4553737d71715282669
- SHA512
  
  b6c7c9652b62db2fe92e810b71c88a463bd9a59adb4f58980a03ca57e1209f5cd94df278cfc54882ac718b7be0abbc338cc0cfec38c2874e107f37a99c6d4430
- SSDEEP
  
  12288:8Jy90Zzik406D2jedlhjpRftS7ibdoQzzIVlFFpmub4IjpRbQMbP6kz3:Oyoin06D2adrjpRocoQHIVjZNFQMbnT
Score

10^/10

persistence njrat pr0xed evasion trojan
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- Executes dropped EXE
- Modifies Windows Firewall
  evasion
- Drops startup file
- Adds Run key to start application
  persistence
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

njratpr0xedevasionpersistencetrojan