njrat | hxxps://bit[.]ly/3UWocoh | Triage

Submit
Reports

Overview

overview

Static

static

1

URLScan

urlscan

1

https://bit.ly/3UWoc...

windows10-2004-x64

Sharing

General

Target

https://bit.ly/3UWocoh
Sample

230417-mcjmysdg45

Score

10^/10

njrat hacked evasion persistence trojan

Static task

static1

URLScan task

urlscan1

Behavioral task

behavioral1

Sample

https://bit.ly/3UWocoh

Resource

win10v2004-20230220-en

njrat hacked evasion persistence trojan

windows10-2004-x64

18 signatures

1800 seconds

Malware Config

Extracted

Family

njrat

Version

im523

Botnet

HacKed

C2

academic-furnishings.at.ply.gg:55855

Mutex

9b3614222936e2e7b0175aee01575b41

Attributes

reg_key
9b3614222936e2e7b0175aee01575b41
splitter
|'|'|

Targets

- Target
  
  https://bit.ly/3UWocoh
Score

10^/10

njrat hacked evasion persistence trojan
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- Downloads MZ/PE file
- Modifies Windows Firewall
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Executes dropped EXE
- Adds Run key to start application
  persistence
- Legitimate hosting services abused for malware hosting/C2
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Web Service

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

urlscan1

behavioral1

njrathackedevasionpersistencetrojan

© 2018-2025

Terms | Privacy